General
-
Target
3e52e49f1c0ea5cdeb5314f894f481c553b3841eec4c0a2ba8b5aa183affd3fc
-
Size
270KB
-
Sample
221011-sv2t5sbhgq
-
MD5
6e9b21506f657614800e3893b2954e80
-
SHA1
5b41d28b20a29996be71d1776637591c09200c2a
-
SHA256
3e52e49f1c0ea5cdeb5314f894f481c553b3841eec4c0a2ba8b5aa183affd3fc
-
SHA512
bffa7110047b6596b6635b92dd6869c0d9e17d39f65281f85507b6ee3fdd9a060b37ef14e1a077719614c3ca042237901cfcb83b6c9a08f2dcca42a7781e37d9
-
SSDEEP
6144:jDKW1Lgbdl0TBBvjc/J0Lv5Usy19CX/7y2cznP:3h1Lk70TnvjcB0bHy2yRT
Static task
static1
Behavioral task
behavioral1
Sample
3e52e49f1c0ea5cdeb5314f894f481c553b3841eec4c0a2ba8b5aa183affd3fc.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
3e52e49f1c0ea5cdeb5314f894f481c553b3841eec4c0a2ba8b5aa183affd3fc.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.6.4
HacKed
superstart.myq-see.com:1177
8bb662d6a258d1485dea4aedcf4aeffe
-
reg_key
8bb662d6a258d1485dea4aedcf4aeffe
-
splitter
|'|'|
Targets
Target
3e52e49f1c0ea5cdeb5314f894f481c553b3841eec4c0a2ba8b5aa183affd3fc
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-