General
-
Target
732879f1bee1de178c8444d36c2c731a32ae81fcf87ccb9563eb4747d79e20d0
-
Size
23.9MB
-
Sample
221029-qs383shbe7
-
MD5
bdbb3166022d10d78eedb00785449eb0
-
SHA1
ce72382ae3b39e3f80ad90519c805974dd602dae
-
SHA256
732879f1bee1de178c8444d36c2c731a32ae81fcf87ccb9563eb4747d79e20d0
-
SHA512
395e429068502b05506f4120d9e7462cfcb7c058ff36a812554dce2e75519c79c95bad47b6911fcb11fe436e1cd250c1fac8caee957a3c38036bb6e7327d23a4
-
SSDEEP
24576:9byYDmh81W5QdDr/NvcZkOC0L5/FBdEI8TDL:EC1Nr/lc6CL5FB58TDL
Malware Config
Extracted
njrat
0.7d
1
skype.nightowldvr.com:3
10aa45ad5a1fb063b78264c468bc0ce9
-
reg_key
10aa45ad5a1fb063b78264c468bc0ce9
-
splitter
|'|'|
Targets
-
-
Target
732879f1bee1de178c8444d36c2c731a32ae81fcf87ccb9563eb4747d79e20d0
-
Size
23.9MB
-
MD5
bdbb3166022d10d78eedb00785449eb0
-
SHA1
ce72382ae3b39e3f80ad90519c805974dd602dae
-
SHA256
732879f1bee1de178c8444d36c2c731a32ae81fcf87ccb9563eb4747d79e20d0
-
SHA512
395e429068502b05506f4120d9e7462cfcb7c058ff36a812554dce2e75519c79c95bad47b6911fcb11fe436e1cd250c1fac8caee957a3c38036bb6e7327d23a4
-
SSDEEP
24576:9byYDmh81W5QdDr/NvcZkOC0L5/FBdEI8TDL:EC1Nr/lc6CL5FB58TDL
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-