General
-
Target
505ba984cd9eee1996aa5ca2f0d0d7b7ce84ffc366520a1fdde99eab9928c503
-
Size
23KB
-
Sample
221121-29qj4abb64
-
MD5
ae98400f57ec78a7a7e48d31c17e95ec
-
SHA1
84d2f939c4bd65cdf1b1cfeab946dfff6b85a1ea
-
SHA256
505ba984cd9eee1996aa5ca2f0d0d7b7ce84ffc366520a1fdde99eab9928c503
-
SHA512
19317fdbb931c3b3fcd29cd6550e3f9c12c73ed2be93e172df58e44c2c976408dfb5586ffb152a323b8f0ab1bc6edc4b43d3336beebcf689b51141be38beb995
-
SSDEEP
384:rweXCQIreJig/8Z7SS1fEBpng6tgL2IBPZVmRvR6JZlbw8hqIusZzZhC:MLq411eRpcnu/
Malware Config
Extracted
njrat
0.7d
HacKed
satan2.no-ip.biz:1177
a4585cf09c1d42f01f6e99b4d2bfb181
-
reg_key
a4585cf09c1d42f01f6e99b4d2bfb181
-
splitter
|'|'|
Targets
-
-
Target
505ba984cd9eee1996aa5ca2f0d0d7b7ce84ffc366520a1fdde99eab9928c503
-
Size
23KB
-
MD5
ae98400f57ec78a7a7e48d31c17e95ec
-
SHA1
84d2f939c4bd65cdf1b1cfeab946dfff6b85a1ea
-
SHA256
505ba984cd9eee1996aa5ca2f0d0d7b7ce84ffc366520a1fdde99eab9928c503
-
SHA512
19317fdbb931c3b3fcd29cd6550e3f9c12c73ed2be93e172df58e44c2c976408dfb5586ffb152a323b8f0ab1bc6edc4b43d3336beebcf689b51141be38beb995
-
SSDEEP
384:rweXCQIreJig/8Z7SS1fEBpng6tgL2IBPZVmRvR6JZlbw8hqIusZzZhC:MLq411eRpcnu/
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-