General
-
Target
134a0cbffc5e0b2262955c8f3cba4ee3fcf8a8618c41ca7cffe602cb9828bc58
-
Size
23KB
-
Sample
221029-m2k73sdag7
-
MD5
ef68fd4c7168ce53c3102766f40fe39f
-
SHA1
0f548db828e8fd27cf6e02c6c8eb743b9d4a58c5
-
SHA256
134a0cbffc5e0b2262955c8f3cba4ee3fcf8a8618c41ca7cffe602cb9828bc58
-
SHA512
2a9976ff7a5aea531183879a20ca171b3e52d4d3641170865d179dc14188d8923fd7ffc9d2d3eb1427659303af40c2b68561ea3ce95d3e96aa12011598eb274a
-
SSDEEP
384:N8aZYC9twBNdcvFaly2H0daJo6fghcASEJqc/ZmRvR6JZlbw8hqIusZzZ3T:FY+sNKqNHSSdRpcnuA
Malware Config
Extracted
njrat
0.7d
HacKed
kalil12.no-ip.biz:1177
28a4046bb2a07d5c70e5b3640dc86123
-
reg_key
28a4046bb2a07d5c70e5b3640dc86123
-
splitter
|'|'|
Targets
-
-
Target
134a0cbffc5e0b2262955c8f3cba4ee3fcf8a8618c41ca7cffe602cb9828bc58
-
Size
23KB
-
MD5
ef68fd4c7168ce53c3102766f40fe39f
-
SHA1
0f548db828e8fd27cf6e02c6c8eb743b9d4a58c5
-
SHA256
134a0cbffc5e0b2262955c8f3cba4ee3fcf8a8618c41ca7cffe602cb9828bc58
-
SHA512
2a9976ff7a5aea531183879a20ca171b3e52d4d3641170865d179dc14188d8923fd7ffc9d2d3eb1427659303af40c2b68561ea3ce95d3e96aa12011598eb274a
-
SSDEEP
384:N8aZYC9twBNdcvFaly2H0daJo6fghcASEJqc/ZmRvR6JZlbw8hqIusZzZ3T:FY+sNKqNHSSdRpcnuA
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-