General
-
Target
6d32feca089498fa2dd724c15aba575958686d9a7903bb409bbeb7eac81041fb
-
Size
149KB
-
Sample
221012-wnnkqaeeh9
-
MD5
7aaf6f85efb76651f9f58096c51da8f0
-
SHA1
5ade845e9c338641172b211a3c5fef6265ba1c8e
-
SHA256
6d32feca089498fa2dd724c15aba575958686d9a7903bb409bbeb7eac81041fb
-
SHA512
be0be39bc569db1d19e79a3994f94eff707ee586e7256919bff7001161b45e6c2ef6f2c2a31694e55494cff9b9401a8ef1debdc1d2083484d578341a181aa65f
-
SSDEEP
1536:X89yVWN812PN1vcbyjvFZYaSQa8Sm6Uq7ng3wSJZliqjzVvX1em:X2CkCiNNc+jdZnr67n47Z91em
Static task
static1
Behavioral task
behavioral1
Sample
6d32feca089498fa2dd724c15aba575958686d9a7903bb409bbeb7eac81041fb.exe
Resource
win7-20220901-en
Malware Config
Extracted
njrat
0.7d
BACK
mrdos11.no-ip.info:82
b783c0e7129c40140a602ecff32029a2
-
reg_key
b783c0e7129c40140a602ecff32029a2
-
splitter
|'|'|
Targets
Target
6d32feca089498fa2dd724c15aba575958686d9a7903bb409bbeb7eac81041fb
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-