General
-
Target
34cbec829cf1fb0e161ac5251fa010bc1e9222bc4d1795b4123f15e64d22bb96
-
Size
25KB
-
Sample
221019-26ey7acdf9
-
MD5
9145009fb8003247935fed666198fa00
-
SHA1
091adf513d197bb56781f8e949ef33e1cc55347a
-
SHA256
34cbec829cf1fb0e161ac5251fa010bc1e9222bc4d1795b4123f15e64d22bb96
-
SHA512
3617c89f71a81bde0b3cde75de172f42a4e406197f09216ebba5ec1f7e7c6783d633e78b3af5cf57b47108a1241b6de6f941c7ad47f5a6e7b4f55c48010d9569
-
SSDEEP
384:tHoWSkWHa55BgDVRGipkItzY6vZg36Eh7FpmRvR6JZlbw8hqIusZzZm3kYIkIMDz:tgJuk9pHRpcnu1UYIkRDz
Malware Config
Extracted
njrat
0.7d
AnonymousTunisie
gta5.no-ip.info:1177
2cf313484d72c963e88379a311ae7bdb
-
reg_key
2cf313484d72c963e88379a311ae7bdb
-
splitter
|'|'|
Targets
-
-
Target
34cbec829cf1fb0e161ac5251fa010bc1e9222bc4d1795b4123f15e64d22bb96
-
Size
25KB
-
MD5
9145009fb8003247935fed666198fa00
-
SHA1
091adf513d197bb56781f8e949ef33e1cc55347a
-
SHA256
34cbec829cf1fb0e161ac5251fa010bc1e9222bc4d1795b4123f15e64d22bb96
-
SHA512
3617c89f71a81bde0b3cde75de172f42a4e406197f09216ebba5ec1f7e7c6783d633e78b3af5cf57b47108a1241b6de6f941c7ad47f5a6e7b4f55c48010d9569
-
SSDEEP
384:tHoWSkWHa55BgDVRGipkItzY6vZg36Eh7FpmRvR6JZlbw8hqIusZzZm3kYIkIMDz:tgJuk9pHRpcnu1UYIkRDz
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-