General
-
Target
09dc693c1c17247bc1fa67d09c0d274110f5a4ed8035fa2c2e3ecbf39b1dc9e7
-
Size
933KB
-
Sample
221020-z7vpxsfaep
-
MD5
801e6f3c198e730c75d81127ca7f7110
-
SHA1
a656266153a46b8aa4a009ce82bd7734b41f2648
-
SHA256
09dc693c1c17247bc1fa67d09c0d274110f5a4ed8035fa2c2e3ecbf39b1dc9e7
-
SHA512
b946ee0d5409ff12553db229241273463a4169839e8403092452f0be05a64884f7401f66085805a463080664d1d030fc342b52ffda682aabd49ced30d3243d6d
-
SSDEEP
1536:qWoy0+w6JFwn+BVBb2a2WW5MeGD7BKb7+it2mgMJPRWgLX:qWoy0+w6JFwn+BVBb27WWH2k/JYgb
Malware Config
Extracted
njrat
0.7d
error
errror0410.no-ip.biz:1177
d68d7d95fa16075bc3e966b8b3b693df
-
reg_key
d68d7d95fa16075bc3e966b8b3b693df
-
splitter
|'|'|
Targets
-
-
Target
09dc693c1c17247bc1fa67d09c0d274110f5a4ed8035fa2c2e3ecbf39b1dc9e7
-
Size
933KB
-
MD5
801e6f3c198e730c75d81127ca7f7110
-
SHA1
a656266153a46b8aa4a009ce82bd7734b41f2648
-
SHA256
09dc693c1c17247bc1fa67d09c0d274110f5a4ed8035fa2c2e3ecbf39b1dc9e7
-
SHA512
b946ee0d5409ff12553db229241273463a4169839e8403092452f0be05a64884f7401f66085805a463080664d1d030fc342b52ffda682aabd49ced30d3243d6d
-
SSDEEP
1536:qWoy0+w6JFwn+BVBb2a2WW5MeGD7BKb7+it2mgMJPRWgLX:qWoy0+w6JFwn+BVBb27WWH2k/JYgb
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-