General
-
Target
0758802cb74e0411ae04d92413b2ef480be06d6c11992f9cad30f8285b1de360
-
Size
752KB
-
Sample
221123-k3q4lsaa78
-
MD5
9e6499f5082ed6f9111385c46b1d9ba4
-
SHA1
8f8c4979a3da04c7747554677936c219653f139f
-
SHA256
0758802cb74e0411ae04d92413b2ef480be06d6c11992f9cad30f8285b1de360
-
SHA512
d4a3e875262b4edc5ae7d5bc038d2bb720f37aaa209144a0f5f1088f068bd51050e18ad4acda1daa2a903109d2308bd395b9bc8db40c292351d23f5f3afa71dc
-
SSDEEP
12288:zOGZcZxHMr1OaQzfa9dXJvKaoPRvYrySWx8Zwfi53QH/Wuo+0GMqM7Ffb5:zOGZiE1OJr6XJvKnZvaWxC3Mzo+nNe
Static task
static1
Behavioral task
behavioral1
Sample
0758802cb74e0411ae04d92413b2ef480be06d6c11992f9cad30f8285b1de360.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
0758802cb74e0411ae04d92413b2ef480be06d6c11992f9cad30f8285b1de360.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
umang.chickenkiller.com:553
0353c9dc7f300a6eea7548de1eb123a5
-
reg_key
0353c9dc7f300a6eea7548de1eb123a5
-
splitter
|'|'|
Targets
Target
0758802cb74e0411ae04d92413b2ef480be06d6c11992f9cad30f8285b1de360
-
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-