General
-
Target
b19b00dd3fa38e697813259130d882e248ba27d324eca4f9d85a4144d101c2e2
-
Size
29KB
-
Sample
221123-lnm9vabg87
-
MD5
1944974b7191fb7fad0058e8136a9cb1
-
SHA1
ad931680d8a1c9ede6c20bbe3e754c9bc078d9ac
-
SHA256
b19b00dd3fa38e697813259130d882e248ba27d324eca4f9d85a4144d101c2e2
-
SHA512
94a8e36a9c096b1fd594ab06ee3072a8655322d7cbb0eb2d5173274408eaad01aa98ce0dccdcbc2ee24ebba51e07d0a794228f7f5e05a9c130d10c1d7835f9dd
-
SSDEEP
768:iQv/27NYsDkfZPoIqlHepBKh0p29SgRcY:3m7N143wEKhG29jcY
Malware Config
Extracted
njrat
0.6.4
HacKed
mrrah.zapto.org:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
b19b00dd3fa38e697813259130d882e248ba27d324eca4f9d85a4144d101c2e2
-
Size
29KB
-
MD5
1944974b7191fb7fad0058e8136a9cb1
-
SHA1
ad931680d8a1c9ede6c20bbe3e754c9bc078d9ac
-
SHA256
b19b00dd3fa38e697813259130d882e248ba27d324eca4f9d85a4144d101c2e2
-
SHA512
94a8e36a9c096b1fd594ab06ee3072a8655322d7cbb0eb2d5173274408eaad01aa98ce0dccdcbc2ee24ebba51e07d0a794228f7f5e05a9c130d10c1d7835f9dd
-
SSDEEP
768:iQv/27NYsDkfZPoIqlHepBKh0p29SgRcY:3m7N143wEKhG29jcY
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-