General
-
Target
f2a05c5f1219aaffda9e5a342e987095276efe7e1977bdd636bd15dbc6047b95
-
Size
23KB
-
Sample
221003-ar46zsadel
-
MD5
6f99b978e519e45e7d72b153d66edb70
-
SHA1
f87fce0d180c1be2ac06c852c1423522a8699da5
-
SHA256
f2a05c5f1219aaffda9e5a342e987095276efe7e1977bdd636bd15dbc6047b95
-
SHA512
b9b5429bcee8e0f030b0a66540c04a8ac738f3f6941225bad315e488ff75e8b13194fe39b12e11ddd21510863498920d7c35b9f95c27c1c3585fb5ecc032fd08
-
SSDEEP
384:HsqS+ER6vRKXGYKRWVSujUtX9w6Dglo61Z5DVmRvR6JZlbw8hqIusZzZjW:cf65K2Yf1jKRpcnut
Malware Config
Extracted
njrat
0.7d
HacKed
potdark.no-ip.org:1999
1551c651c5ab849c23fad8dbba1720e8
-
reg_key
1551c651c5ab849c23fad8dbba1720e8
-
splitter
|'|'|
Targets
-
-
Target
f2a05c5f1219aaffda9e5a342e987095276efe7e1977bdd636bd15dbc6047b95
-
Size
23KB
-
MD5
6f99b978e519e45e7d72b153d66edb70
-
SHA1
f87fce0d180c1be2ac06c852c1423522a8699da5
-
SHA256
f2a05c5f1219aaffda9e5a342e987095276efe7e1977bdd636bd15dbc6047b95
-
SHA512
b9b5429bcee8e0f030b0a66540c04a8ac738f3f6941225bad315e488ff75e8b13194fe39b12e11ddd21510863498920d7c35b9f95c27c1c3585fb5ecc032fd08
-
SSDEEP
384:HsqS+ER6vRKXGYKRWVSujUtX9w6Dglo61Z5DVmRvR6JZlbw8hqIusZzZjW:cf65K2Yf1jKRpcnut
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-