General
-
Target
69f5dadcba43c8ce8469aeb43666cc1c46981b59986e4b9a0c30cc03c08eec1b
-
Size
636KB
-
Sample
221106-mhcftshggp
-
MD5
2880dc879adb28c27134757124c80c70
-
SHA1
5ee6c7f6081f49699c5343d70ba26dacf2e95fa4
-
SHA256
69f5dadcba43c8ce8469aeb43666cc1c46981b59986e4b9a0c30cc03c08eec1b
-
SHA512
687d806178bc3b02c7e516408b4383aa32e5d751d734bbaad285e3f148b1fcdb09a2f52a3da63acd3ceef9f582e41603e62f59ac1128d0f1763d8e40e8b02382
-
SSDEEP
12288:UvwZHcnHDco5+dYJJo3DqDUgvJtkw0zUE5WhMOqOTAw2mIxKnL48+GHGBv:2wZHcnHDxdLlxml
Static task
static1
Behavioral task
behavioral1
Sample
69f5dadcba43c8ce8469aeb43666cc1c46981b59986e4b9a0c30cc03c08eec1b.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
69f5dadcba43c8ce8469aeb43666cc1c46981b59986e4b9a0c30cc03c08eec1b.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
muamal33.no-ip.biz:5552
d1b7976cc03cc428bbc29dcfb39b895f
-
reg_key
d1b7976cc03cc428bbc29dcfb39b895f
-
splitter
|'|'|
Targets
-
-
Target
69f5dadcba43c8ce8469aeb43666cc1c46981b59986e4b9a0c30cc03c08eec1b
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-