General
-
Target
e3f6501aaa3be057e71652fdf93468152af66cfe1b5a8a2f9160a574718d5fd3
-
Size
360KB
-
Sample
221123-lmzlgsfb8z
-
MD5
8fa430d15200fa6144308a89e197b592
-
SHA1
715be47225e20e324c5647a6b89fbeba462ef7e2
-
SHA256
e3f6501aaa3be057e71652fdf93468152af66cfe1b5a8a2f9160a574718d5fd3
-
SHA512
77b205f2d997c9f3fad307077d1b5d46bd7d687bf6059f0ee5ce897c9ba972dc3fc35c17e3db9a362dc6b9c48da7028134291d65cb77fcf0a42c72adf72a8490
-
SSDEEP
6144:G/ahq9fdsVc9yk9fPdzeGZndtGomtPdm5+S+oM/t7u022hoXA4huW5CsDniCQ4yT:h4fdFVZnd0omtFUk/A0h2uWAsjiCoFNb
Malware Config
Extracted
njrat
0.7d
HacKed
earnwhilehome.ddns.net:5552
3db166ddf8eda41ea0294b2b337cfbe9
-
reg_key
3db166ddf8eda41ea0294b2b337cfbe9
-
splitter
|'|'|
Targets
-
-
Target
e3f6501aaa3be057e71652fdf93468152af66cfe1b5a8a2f9160a574718d5fd3
-
Size
360KB
-
MD5
8fa430d15200fa6144308a89e197b592
-
SHA1
715be47225e20e324c5647a6b89fbeba462ef7e2
-
SHA256
e3f6501aaa3be057e71652fdf93468152af66cfe1b5a8a2f9160a574718d5fd3
-
SHA512
77b205f2d997c9f3fad307077d1b5d46bd7d687bf6059f0ee5ce897c9ba972dc3fc35c17e3db9a362dc6b9c48da7028134291d65cb77fcf0a42c72adf72a8490
-
SSDEEP
6144:G/ahq9fdsVc9yk9fPdzeGZndtGomtPdm5+S+oM/t7u022hoXA4huW5CsDniCQ4yT:h4fdFVZnd0omtFUk/A0h2uWAsjiCoFNb
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-