General
-
Target
1f3aafcfa0f56068dfbf368cbafcf4382382d383bdd332b503e8d68563b81759
-
Size
188KB
-
Sample
221123-l2ql5ach35
-
MD5
10d3c80cd58214bdb6f8a7cd38b058a1
-
SHA1
d5a319c69d2323dd9890bb4f6e7bd85c0b8c2697
-
SHA256
1f3aafcfa0f56068dfbf368cbafcf4382382d383bdd332b503e8d68563b81759
-
SHA512
34a34586f60ad251e96848589351c95c80e6ea1dc8c22e37c006d8e2c5ce85947cf2b942658061bb42885f23be9c339ce7cdf2059d553a9d880b4ebe73223645
-
SSDEEP
3072:TDYGtp8ttt8f48aSokhUtuxyK+pa++iybxCt10Oiy3CWRJBPleyHsxq/:IGT48aSvODv+i4xC30Dy3CWRJJleyHk
Malware Config
Extracted
njrat
0.6.4
HacKed
slowburn.linkpc.net:6760
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
1f3aafcfa0f56068dfbf368cbafcf4382382d383bdd332b503e8d68563b81759
-
Size
188KB
-
MD5
10d3c80cd58214bdb6f8a7cd38b058a1
-
SHA1
d5a319c69d2323dd9890bb4f6e7bd85c0b8c2697
-
SHA256
1f3aafcfa0f56068dfbf368cbafcf4382382d383bdd332b503e8d68563b81759
-
SHA512
34a34586f60ad251e96848589351c95c80e6ea1dc8c22e37c006d8e2c5ce85947cf2b942658061bb42885f23be9c339ce7cdf2059d553a9d880b4ebe73223645
-
SSDEEP
3072:TDYGtp8ttt8f48aSokhUtuxyK+pa++iybxCt10Oiy3CWRJBPleyHsxq/:IGT48aSvODv+i4xC30Dy3CWRJJleyHk
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-