General
-
Target
6f28523042f4cb7882fc7a586730a5747437700be0e75673dba9c6a63e92430e
-
Size
105KB
-
Sample
221004-cawvdsgcaj
-
MD5
494427ec6ad02d5ce45935c166c0d0f0
-
SHA1
f2046741e3245550c438a078238e820f6bf142b2
-
SHA256
6f28523042f4cb7882fc7a586730a5747437700be0e75673dba9c6a63e92430e
-
SHA512
4db1491c4ebd9e5b6bb5f7df6687689b054e4a9b9b3799be6a8ef23dfc8a9bb3ff2d5f1c4eaeb26a21c76682518688bd509777ea8f833b11acc0c78f994c2229
-
SSDEEP
3072:QaLFrswt4gAWi//1/8gVmedQ+x47VmoXocrV:QaxswBAZ/VJmV
Malware Config
Extracted
njrat
0.6.4
HacKed
loosseer1212.no-ip.biz:1177
8515eb34d8f9de5af815466e9715b3e5
-
reg_key
8515eb34d8f9de5af815466e9715b3e5
-
splitter
|'|'|
Targets
-
-
Target
6f28523042f4cb7882fc7a586730a5747437700be0e75673dba9c6a63e92430e
-
Size
105KB
-
MD5
494427ec6ad02d5ce45935c166c0d0f0
-
SHA1
f2046741e3245550c438a078238e820f6bf142b2
-
SHA256
6f28523042f4cb7882fc7a586730a5747437700be0e75673dba9c6a63e92430e
-
SHA512
4db1491c4ebd9e5b6bb5f7df6687689b054e4a9b9b3799be6a8ef23dfc8a9bb3ff2d5f1c4eaeb26a21c76682518688bd509777ea8f833b11acc0c78f994c2229
-
SSDEEP
3072:QaLFrswt4gAWi//1/8gVmedQ+x47VmoXocrV:QaxswBAZ/VJmV
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-