General
-
Target
97af4157796dfb09c3bd51c4988c4bac1b0a6210256e266cc2f4236bccc9f5d9
-
Size
255KB
-
Sample
221004-b3gqhafhak
-
MD5
692cc299413a63e12db0be146ad906e0
-
SHA1
6f2c1dc4b26c21784f9ee4fb850abad30d4e0850
-
SHA256
97af4157796dfb09c3bd51c4988c4bac1b0a6210256e266cc2f4236bccc9f5d9
-
SHA512
674c4c9502b91ed9d445e058c6ce69eb301ece610b99d73fbce9ba143fde2d862b3677ab378a319cbbdc8fb3000ae3996a0f64c329e4dbc3ed44e79504cfd505
-
SSDEEP
6144:bvAEij0W9CjZKtA547QBrdrpw6Eqt1pNJP:bvADjojU6WUdrqzKJP
Malware Config
Extracted
njrat
0.7d
yahoo
aseel123.ddns.net:5552
36553d30eb61b8600f25930b74bb73c4
-
reg_key
36553d30eb61b8600f25930b74bb73c4
-
splitter
|'|'|
Targets
-
-
Target
97af4157796dfb09c3bd51c4988c4bac1b0a6210256e266cc2f4236bccc9f5d9
-
Size
255KB
-
MD5
692cc299413a63e12db0be146ad906e0
-
SHA1
6f2c1dc4b26c21784f9ee4fb850abad30d4e0850
-
SHA256
97af4157796dfb09c3bd51c4988c4bac1b0a6210256e266cc2f4236bccc9f5d9
-
SHA512
674c4c9502b91ed9d445e058c6ce69eb301ece610b99d73fbce9ba143fde2d862b3677ab378a319cbbdc8fb3000ae3996a0f64c329e4dbc3ed44e79504cfd505
-
SSDEEP
6144:bvAEij0W9CjZKtA547QBrdrpw6Eqt1pNJP:bvADjojU6WUdrqzKJP
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-