General
-
Target
86a5da9ed37c702502d7b770e9b619a98bcd03bb99d1b6454a6f17d06c9220f8
-
Size
24KB
-
Sample
221003-ct6tpsdgbq
-
MD5
66dad01dca0e7e7f3917ab5f89adc3b0
-
SHA1
e1e99c5cc8c899c61f7111445bb024692faaaaba
-
SHA256
86a5da9ed37c702502d7b770e9b619a98bcd03bb99d1b6454a6f17d06c9220f8
-
SHA512
fb996c9474ee40ef7e6717c66998f13fcf2db7a7dcb2df4c2d62834eef5a7a94d3f5f482d38f63b563afcafb7631946eef03e63784cbbfa820d8baa92e60b64f
-
SSDEEP
384:88aZYC9twBNdcvFaly2H0dKJo6HghcASEJqc/ZmRvR6JZlbw8hqIusZzZSOU:iY+sNKqNHOSdRpcnunb
Malware Config
Extracted
njrat
0.7d
HacKed
roblucci.ddns.net:1497
9a5e9ef07ecca698ac3f8ad27c5276c2
-
reg_key
9a5e9ef07ecca698ac3f8ad27c5276c2
-
splitter
|'|'|
Targets
-
-
Target
86a5da9ed37c702502d7b770e9b619a98bcd03bb99d1b6454a6f17d06c9220f8
-
Size
24KB
-
MD5
66dad01dca0e7e7f3917ab5f89adc3b0
-
SHA1
e1e99c5cc8c899c61f7111445bb024692faaaaba
-
SHA256
86a5da9ed37c702502d7b770e9b619a98bcd03bb99d1b6454a6f17d06c9220f8
-
SHA512
fb996c9474ee40ef7e6717c66998f13fcf2db7a7dcb2df4c2d62834eef5a7a94d3f5f482d38f63b563afcafb7631946eef03e63784cbbfa820d8baa92e60b64f
-
SSDEEP
384:88aZYC9twBNdcvFaly2H0dKJo6HghcASEJqc/ZmRvR6JZlbw8hqIusZzZSOU:iY+sNKqNHOSdRpcnunb
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-