General
-
Target
05c6e2475d547bfebcb56aeb53546433a57d27c3e6392b51d8c5f0b3c0f356e0
-
Size
132KB
-
Sample
221106-ltq8paedb5
-
MD5
10c1ced83ce8354b9ffb5d5892e76630
-
SHA1
298dce72815accd9b2ab724004afd9f8dfedfe14
-
SHA256
05c6e2475d547bfebcb56aeb53546433a57d27c3e6392b51d8c5f0b3c0f356e0
-
SHA512
049ab0efba23731df28bd463f9518b8b9183a01c15798c9e7e2dfaabbf1763a65d8133116b639a5a3877ea9112de8c89c7228239c9cc7f91fb2bb2a04213f1eb
-
SSDEEP
3072:pP4y3Ga2xGaDLyXnD3gw98iBymQWx+bTR3I2TdgO:Z0VsaknzZ8iBrLIZ3IIi
Static task
static1
Behavioral task
behavioral1
Sample
05c6e2475d547bfebcb56aeb53546433a57d27c3e6392b51d8c5f0b3c0f356e0.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
05c6e2475d547bfebcb56aeb53546433a57d27c3e6392b51d8c5f0b3c0f356e0.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
adeleshtayaa.ddns.net:5552
9e4af517376b56a3aed0db3fd5b7d7e0
-
reg_key
9e4af517376b56a3aed0db3fd5b7d7e0
-
splitter
|'|'|
Targets
-
-
Target
05c6e2475d547bfebcb56aeb53546433a57d27c3e6392b51d8c5f0b3c0f356e0
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-