General
-
Target
06db79cc781fbd5e7011a988a21bdef1a97ae6567420c064aece296603a69ec2
-
Size
89KB
-
Sample
221107-shq7wafccm
-
MD5
0d199df59438112d724bcb0afa3e9580
-
SHA1
289892a725b551cc0efcf31ac2e21cb5c0995bd6
-
SHA256
06db79cc781fbd5e7011a988a21bdef1a97ae6567420c064aece296603a69ec2
-
SHA512
bbb6638a8348b183df648a2fabcd8542668ba21d0ae26e209372f742587b0fcfd83829b895eace8b7cce7c364d6846b939c1bb05325c9505fcfdd44495cb70b1
-
SSDEEP
1536:5fDEjOm1e2swuumkqEc2O0zcrK3mv5b4Cef9YKG0hHGzVKC/Vo5NA/NBr1SEcZ:poj22s8mA+0zGK305bFef9YoHCVKKV2V
Static task
static1
Behavioral task
behavioral1
Sample
06db79cc781fbd5e7011a988a21bdef1a97ae6567420c064aece296603a69ec2.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
06db79cc781fbd5e7011a988a21bdef1a97ae6567420c064aece296603a69ec2.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
h3q.myq-see.com:1177
87a897b0061f05c5ac06e57c2531228d
-
reg_key
87a897b0061f05c5ac06e57c2531228d
-
splitter
|'|'|
Targets
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-