General
-
Target
652c0a54d276d3b8582844171189c9242ee71e20f8040dcf990724508fa15077
-
Size
130KB
-
Sample
221003-bjq5tsbfek
-
MD5
6cf87883c44fab14135667d29be27a60
-
SHA1
18b6cb7665ce36c9dc43fc3f7e72879411650d95
-
SHA256
652c0a54d276d3b8582844171189c9242ee71e20f8040dcf990724508fa15077
-
SHA512
8e4fb664d5b4c3cde1c38ca21158dba7620e992fddfb1f0f3a769b65112883640511594d505b8ea2db3f92404c7186bf59dd4d1db677ea27cec29f764c7ec4a7
-
SSDEEP
3072:XYIG0RFac0eq2+e+UfVOI/++XmaAfkYmztzG163:q2f9+0h2XfPmztzG16
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:80
f28593ab4d0e2dcddc48d27d99c13439
-
reg_key
f28593ab4d0e2dcddc48d27d99c13439
-
splitter
|'|'|
Targets
-
-
Target
652c0a54d276d3b8582844171189c9242ee71e20f8040dcf990724508fa15077
-
Size
130KB
-
MD5
6cf87883c44fab14135667d29be27a60
-
SHA1
18b6cb7665ce36c9dc43fc3f7e72879411650d95
-
SHA256
652c0a54d276d3b8582844171189c9242ee71e20f8040dcf990724508fa15077
-
SHA512
8e4fb664d5b4c3cde1c38ca21158dba7620e992fddfb1f0f3a769b65112883640511594d505b8ea2db3f92404c7186bf59dd4d1db677ea27cec29f764c7ec4a7
-
SSDEEP
3072:XYIG0RFac0eq2+e+UfVOI/++XmaAfkYmztzG163:q2f9+0h2XfPmztzG16
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-