General
-
Target
addbfc18bea23d5c1a8f556a7c250622582471bcb58e6297ebb79bc0bf557340
-
Size
29KB
-
Sample
221121-vlwymsdh21
-
MD5
22d51884b353c1bc5e5b6953d71176a0
-
SHA1
31194364c3d612048147ebc6c72052294e1ea5ea
-
SHA256
addbfc18bea23d5c1a8f556a7c250622582471bcb58e6297ebb79bc0bf557340
-
SHA512
e9821a57a627dd8af9a535d667a5d1e30db2deab271ba9564f5a03e55738dccba00ffcb2f039e86adaec6227569a753b94937aba7fa4ec7df28149ff90e8badc
-
SSDEEP
384:UgJGJl7tj1MsagaF1+G5pdnGWmqDCbNhekcGBsbh0w4wlAokw9OhgOL1vYRGOZzy:g7nMsanZRnQqIXeOBKh0p29SgRaB
Behavioral task
behavioral1
Sample
addbfc18bea23d5c1a8f556a7c250622582471bcb58e6297ebb79bc0bf557340.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
addbfc18bea23d5c1a8f556a7c250622582471bcb58e6297ebb79bc0bf557340.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.6.4
PointBlank
kidaoloko.no-ip.org:1177
c369e568f43218aa4fe2622dd5d41e43
-
reg_key
c369e568f43218aa4fe2622dd5d41e43
-
splitter
|'|'|
Targets
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-