General
-
Target
3889cd880910601d232b14bdd2aaeeb2dd8ae34def20d21596cfe1672ce1460e
-
Size
23KB
-
Sample
221029-ms8xsadedm
-
MD5
fb2ef83744c438c6e1bf6472096d3dbd
-
SHA1
0192d529d57717c136af2eea212184136f95dad7
-
SHA256
3889cd880910601d232b14bdd2aaeeb2dd8ae34def20d21596cfe1672ce1460e
-
SHA512
ecb8cc79c33264fdc369aa9d4ec23067376ae41e79d0c440d1d6afd6d6678f692edfba582fbba3e759fe3eb3549d7df7698541e3b3c2473ae25ae21b1152bd28
-
SSDEEP
384:/cqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZfa:k30py6vhxaRpcnuh
Malware Config
Extracted
njrat
0.7d
1
zazagamer.no-ip.biz:5552
129a19d259ac53b5bd4415bbb9a6da02
-
reg_key
129a19d259ac53b5bd4415bbb9a6da02
-
splitter
|'|'|
Targets
-
-
Target
3889cd880910601d232b14bdd2aaeeb2dd8ae34def20d21596cfe1672ce1460e
-
Size
23KB
-
MD5
fb2ef83744c438c6e1bf6472096d3dbd
-
SHA1
0192d529d57717c136af2eea212184136f95dad7
-
SHA256
3889cd880910601d232b14bdd2aaeeb2dd8ae34def20d21596cfe1672ce1460e
-
SHA512
ecb8cc79c33264fdc369aa9d4ec23067376ae41e79d0c440d1d6afd6d6678f692edfba582fbba3e759fe3eb3549d7df7698541e3b3c2473ae25ae21b1152bd28
-
SSDEEP
384:/cqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZfa:k30py6vhxaRpcnuh
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-