General
-
Target
2413b7f8b03acf212c1c9bd092dc8892d74885dc49e2d926d607618f203fa960
-
Size
28KB
-
Sample
221123-lnmnbabg85
-
MD5
3492d6c98dd85f9abcc6c34cf4491998
-
SHA1
212d4d385f72d7906e3ea7832e5c720dc392021f
-
SHA256
2413b7f8b03acf212c1c9bd092dc8892d74885dc49e2d926d607618f203fa960
-
SHA512
bdfaf0e244355b12ffbf6e473a270d5247fbfb8b0960c1e478b866940956b8eb0088e9bc7699ecd0ada85b250224ba059c538618cf6f2ee4f6a8ffcfc8c66e31
-
SSDEEP
384:WCZ2hJl7tjrMSJIeURd545rCWmqDebDveoEGBsbh0w4wlAokw9OhgOL1vYRGOZzG:VM79MSJ07srcqETe6BKh0p29SgRj+t
Behavioral task
behavioral1
Sample
2413b7f8b03acf212c1c9bd092dc8892d74885dc49e2d926d607618f203fa960.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
2413b7f8b03acf212c1c9bd092dc8892d74885dc49e2d926d607618f203fa960.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
njrat
0.6.4
Đǿsħka ĦąĈķễr
ahmad-rimawi1998.zapto.org:1188
1ffcf52b0cd64d83554855bd6f04fc1f
-
reg_key
1ffcf52b0cd64d83554855bd6f04fc1f
-
splitter
|'|'|
Targets
-
-
Target
2413b7f8b03acf212c1c9bd092dc8892d74885dc49e2d926d607618f203fa960
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-