General
-
Target
6fe4080cb697c9506bdce38bb3035aa5b6cee481b514627446eec9abd9a7df79
-
Size
57KB
-
Sample
221021-kg7jgabfam
-
MD5
45b9dc397ac9e0c49ad0e81b9e507000
-
SHA1
a3cb6e2b29d514c1fda224ce986f907a37bf9c70
-
SHA256
6fe4080cb697c9506bdce38bb3035aa5b6cee481b514627446eec9abd9a7df79
-
SHA512
4f3f6fe8c9ec78eb5191f6ce1d875b050e792c3179b0ed62e7fafeaeb5f79b5830ac187c478526551eb0a5f792ede4f0153af1290bb8831b03344b8b5c5f6582
-
SSDEEP
1536:4g+dL1sfm++vZkeQzpKbzuqtGSBRAKIICQ:4g+dLOe+O/2M1IU
Malware Config
Extracted
njrat
0.7d
HacKed
haok.hopto.org:81
6e6a8368f07f876187e3d308ef2755ad
-
reg_key
6e6a8368f07f876187e3d308ef2755ad
-
splitter
|'|'|
Targets
-
-
Target
6fe4080cb697c9506bdce38bb3035aa5b6cee481b514627446eec9abd9a7df79
-
Size
57KB
-
MD5
45b9dc397ac9e0c49ad0e81b9e507000
-
SHA1
a3cb6e2b29d514c1fda224ce986f907a37bf9c70
-
SHA256
6fe4080cb697c9506bdce38bb3035aa5b6cee481b514627446eec9abd9a7df79
-
SHA512
4f3f6fe8c9ec78eb5191f6ce1d875b050e792c3179b0ed62e7fafeaeb5f79b5830ac187c478526551eb0a5f792ede4f0153af1290bb8831b03344b8b5c5f6582
-
SSDEEP
1536:4g+dL1sfm++vZkeQzpKbzuqtGSBRAKIICQ:4g+dLOe+O/2M1IU
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-