General
-
Target
74fee0b97787c89b9bdd8e8fd113d2ce8c243c3027f306d65fd1e253624b4463
-
Size
532KB
-
Sample
221003-bf5h2sbecr
-
MD5
6f95c1d8908861855aba0e849f601290
-
SHA1
daa89de30f709202c68588b22f1fdb2991bf8151
-
SHA256
74fee0b97787c89b9bdd8e8fd113d2ce8c243c3027f306d65fd1e253624b4463
-
SHA512
9c2b087984627e90d8bed63b8e3753e99440755164f0b695932a1bd983706a6fb5d5c034c54c5468661038c88c170ee651b5c5fa798e567b2a306208b0481fe7
-
SSDEEP
12288:lyaEWJ9NDX9h1RorjjOxuDKTEsgsfPdfQsLaUAKAP0F5E1Z:UWZX9h1RorGxyA6sfPdfzAKFE1
Static task
static1
Behavioral task
behavioral1
Sample
74fee0b97787c89b9bdd8e8fd113d2ce8c243c3027f306d65fd1e253624b4463.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
74fee0b97787c89b9bdd8e8fd113d2ce8c243c3027f306d65fd1e253624b4463.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
njrat
0.6.4
HacKed
127.0.0.1:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Adds Run key to start application
-