General
-
Target
07eeca89a28dfb3215f5902ec1bb615f3c50e14f12ac2f1dedf399bfc46812fa
-
Size
151KB
-
Sample
221012-v33gradefr
-
MD5
699a4124f54535d6846e4b68b1396520
-
SHA1
f4da9f0dea2b03485777fa99e72046e8e7e745a3
-
SHA256
07eeca89a28dfb3215f5902ec1bb615f3c50e14f12ac2f1dedf399bfc46812fa
-
SHA512
e1755f9b6ce195f594c6a549e25df92aa11303b12eea2882420d80d99b7e4f8959eea062e5977c982e12e066ea72f3fb6eb3ab76a31bdddce90a4ad1e9f7e267
-
SSDEEP
3072:Y4/Hmc5MCcHGpVSkt+DqE7VIp/afUcCXKiDOHsacb3pjGmFYflwKb8c:YcNL5+CxacuMacrpjGmFYNwS
Malware Config
Extracted
njrat
0.7d
jgj
kakam50.no-ip.biz:5552
5ef1dd4d005ba321ffd356a3a05a85b2
-
reg_key
5ef1dd4d005ba321ffd356a3a05a85b2
-
splitter
|'|'|
Targets
-
-
Target
07eeca89a28dfb3215f5902ec1bb615f3c50e14f12ac2f1dedf399bfc46812fa
-
Size
151KB
-
MD5
699a4124f54535d6846e4b68b1396520
-
SHA1
f4da9f0dea2b03485777fa99e72046e8e7e745a3
-
SHA256
07eeca89a28dfb3215f5902ec1bb615f3c50e14f12ac2f1dedf399bfc46812fa
-
SHA512
e1755f9b6ce195f594c6a549e25df92aa11303b12eea2882420d80d99b7e4f8959eea062e5977c982e12e066ea72f3fb6eb3ab76a31bdddce90a4ad1e9f7e267
-
SSDEEP
3072:Y4/Hmc5MCcHGpVSkt+DqE7VIp/afUcCXKiDOHsacb3pjGmFYflwKb8c:YcNL5+CxacuMacrpjGmFYNwS
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-