General
-
Target
38d7855ba14a71aacb625585bdb513f27b8a01a2fdd5beaf67a6b8cf4c753bf6
-
Size
29KB
-
Sample
221123-lnl2safc3y
-
MD5
0c9dbcee270ceab05706a20ef30f2776
-
SHA1
811b9ed6a58e2e170395b2408fa0f99a61d17ede
-
SHA256
38d7855ba14a71aacb625585bdb513f27b8a01a2fdd5beaf67a6b8cf4c753bf6
-
SHA512
2187eb40bf6aa46c271332bd6d3156d2e59cfd21c740e811280266eefd87dca4c921d7b4668d81cc68fe643c09b4a956906fce14d0d07a5db5ed5aec4103edcf
-
SSDEEP
384:yBgJGJl7tj1Msagab1h5Vh+2CWmqDebD59ePbGBsbh0w4wlAokw9OhgOL1vYRGOW:yZ7nMsanzR+2cqEDveyBKh0p29SgRVC
Behavioral task
behavioral1
Sample
38d7855ba14a71aacb625585bdb513f27b8a01a2fdd5beaf67a6b8cf4c753bf6.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
38d7855ba14a71aacb625585bdb513f27b8a01a2fdd5beaf67a6b8cf4c753bf6.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
njrat
0.6.4
HacKed
kurdistan1.no-ip.org:1156
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
38d7855ba14a71aacb625585bdb513f27b8a01a2fdd5beaf67a6b8cf4c753bf6
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-