General
-
Target
4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16
-
Size
660KB
-
Sample
221029-2pacdaacf4
-
MD5
55865a014d08f914c4d1ac2b1d4b04b0
-
SHA1
9c7ea77c1076ecb10e490a2e2d0b3b509479717b
-
SHA256
4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16
-
SHA512
d42bdc219539e3c75d84e2be7f0b974df16d811a40e42fae785c98fa2c1e6d3ac396b5f1c4e05201e8afeb2eef97e95228e1f6fec7847ebc1da1da90429d5194
-
SSDEEP
12288:x7YpAXGsSal6B/S0XHSsZwNPUxVK44L6sT3Elu7HOwDLd6zcd5EgpeV:xsAWj4NdV
Static task
static1
Behavioral task
behavioral1
Sample
4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.6.4
HacKed
attiya-dz.no-ip.biz:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-