General
-
Target
a104818dac83ca730c43e8d74cb955ef8a6cddfc657356cb902c053ee671d6df
-
Size
27KB
-
Sample
221121-vl4y9aad97
-
MD5
2cee16ab29774968d774483f4d1e8bd2
-
SHA1
2376b6ca15ca1818c78d9f6108f4dc974cccea79
-
SHA256
a104818dac83ca730c43e8d74cb955ef8a6cddfc657356cb902c053ee671d6df
-
SHA512
2a522402945042bb73694f4e08f1cf60da97f1a432d40e08d7e15ba254a1493bf09dbd722b5e2c76e8813fe4b5e8a3803f449c675c6eeeb1cce4036ad8904a08
-
SSDEEP
384:Qc68yCaUVIhboNgfEimfkNzayS06vg5UhcpxH7ndmRvR6JZlbw8hqIusZzZ6uZ:2873kgNfoaf6ARpcnuW
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:1177
fbde84e53e3aae292a620760d83f6652
-
reg_key
fbde84e53e3aae292a620760d83f6652
-
splitter
|'|'|
Targets
-
-
Target
a104818dac83ca730c43e8d74cb955ef8a6cddfc657356cb902c053ee671d6df
-
Size
27KB
-
MD5
2cee16ab29774968d774483f4d1e8bd2
-
SHA1
2376b6ca15ca1818c78d9f6108f4dc974cccea79
-
SHA256
a104818dac83ca730c43e8d74cb955ef8a6cddfc657356cb902c053ee671d6df
-
SHA512
2a522402945042bb73694f4e08f1cf60da97f1a432d40e08d7e15ba254a1493bf09dbd722b5e2c76e8813fe4b5e8a3803f449c675c6eeeb1cce4036ad8904a08
-
SSDEEP
384:Qc68yCaUVIhboNgfEimfkNzayS06vg5UhcpxH7ndmRvR6JZlbw8hqIusZzZ6uZ:2873kgNfoaf6ARpcnuW
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-