General
-
Target
0675fd2f6ba7508c0c7064d51223e4c5ae521a2a83d20f36189dcb5a15dbfaca
-
Size
31KB
-
Sample
221003-sp9b2acfel
-
MD5
489f6e07931800e86db3bec9e8975e70
-
SHA1
a18fbcb963addef7350edc22ee2237662670cf57
-
SHA256
0675fd2f6ba7508c0c7064d51223e4c5ae521a2a83d20f36189dcb5a15dbfaca
-
SHA512
f34f361cec82029883add77479c9cffff2cfcbc6fee82b36cbf20cbf0ae2eff6a0bfcc1cd7b330b6c695cf644db903c5daac721a3496a53d53b5c9694ef9dfca
-
SSDEEP
384:0XUHEBl7p3hUw2s7hv55gEKemqDSqre/IDGBsbh0w4wlAokw9OhgOL1vYRGOZz3z:0L7bUw2CtkEcqNreHBKh0p29SgRR/
Malware Config
Extracted
njrat
0.6.4
HacKed
mooooooz.zapto.org:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
0675fd2f6ba7508c0c7064d51223e4c5ae521a2a83d20f36189dcb5a15dbfaca
-
Size
31KB
-
MD5
489f6e07931800e86db3bec9e8975e70
-
SHA1
a18fbcb963addef7350edc22ee2237662670cf57
-
SHA256
0675fd2f6ba7508c0c7064d51223e4c5ae521a2a83d20f36189dcb5a15dbfaca
-
SHA512
f34f361cec82029883add77479c9cffff2cfcbc6fee82b36cbf20cbf0ae2eff6a0bfcc1cd7b330b6c695cf644db903c5daac721a3496a53d53b5c9694ef9dfca
-
SSDEEP
384:0XUHEBl7p3hUw2s7hv55gEKemqDSqre/IDGBsbh0w4wlAokw9OhgOL1vYRGOZz3z:0L7bUw2CtkEcqNreHBKh0p29SgRR/
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-