General
-
Target
355675ea1cb2e1cc43308f07d47b71d3452365130fc3cbc9b796a7878f356e27
-
Size
343KB
-
Sample
221030-sewcesgcgm
-
MD5
829b2b6919baa284646f6372f850f7c0
-
SHA1
57344af11aedf0e879858bf2b8ee5be513a53885
-
SHA256
355675ea1cb2e1cc43308f07d47b71d3452365130fc3cbc9b796a7878f356e27
-
SHA512
dd32163c54da57860a572dae8b4ed1515f8fb892fb92a16c843c928e8604c4dadda772567711dfb23d152649f7849f48c61a0c0687aea587a531f04fb079c53f
-
SSDEEP
1536:7nMNT2n3G+P9bITfLe5zlhgNkeLe/amg1fgZ1Qvn2GGZvFL6iho1b+nIHIkQExbM:oFo2+P9bITqR+b+4vB+n34Xryp98C3
Malware Config
Extracted
njrat
0.6.4
hacker
127.0.0.1:1177
ba4c12bee3027d94da5c81db2d196bfd
-
reg_key
ba4c12bee3027d94da5c81db2d196bfd
-
splitter
|'|'|
Targets
-
-
Target
355675ea1cb2e1cc43308f07d47b71d3452365130fc3cbc9b796a7878f356e27
-
Size
343KB
-
MD5
829b2b6919baa284646f6372f850f7c0
-
SHA1
57344af11aedf0e879858bf2b8ee5be513a53885
-
SHA256
355675ea1cb2e1cc43308f07d47b71d3452365130fc3cbc9b796a7878f356e27
-
SHA512
dd32163c54da57860a572dae8b4ed1515f8fb892fb92a16c843c928e8604c4dadda772567711dfb23d152649f7849f48c61a0c0687aea587a531f04fb079c53f
-
SSDEEP
1536:7nMNT2n3G+P9bITfLe5zlhgNkeLe/amg1fgZ1Qvn2GGZvFL6iho1b+nIHIkQExbM:oFo2+P9bITqR+b+4vB+n34Xryp98C3
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-