General
-
Target
6a2ed53d9c7f85aa838d95c34eaf8ea16acfa0ed1a989e6c2eb4f33a45d5fa30
-
Size
23KB
-
Sample
221123-lnp4fafc4t
-
MD5
2bb520083b309e707cb5945078a222bf
-
SHA1
e938d4a49e753851654bb38a0a3c76229a376644
-
SHA256
6a2ed53d9c7f85aa838d95c34eaf8ea16acfa0ed1a989e6c2eb4f33a45d5fa30
-
SHA512
7cb15aaaa9435259d47a0eafadb3dd68f3028d99412d6e50be4c3a3efd255a063f857deaf5c96e3cae5e8439403de5b9a192e161ca881abf76584072ebea0d72
-
SSDEEP
384:q4Q+SAN7uprgvM5OSUswZXg69gbm4hfpFmRvR6JZlbw8hqIusZzZsZ:YOaxVULRpcnuH
Malware Config
Extracted
njrat
0.7d
HacKed
mohamadmanasha2.mooo.com:1177
69302eabe39ac5984e1bddc55b165ff5
-
reg_key
69302eabe39ac5984e1bddc55b165ff5
-
splitter
|'|'|
Targets
-
-
Target
6a2ed53d9c7f85aa838d95c34eaf8ea16acfa0ed1a989e6c2eb4f33a45d5fa30
-
Size
23KB
-
MD5
2bb520083b309e707cb5945078a222bf
-
SHA1
e938d4a49e753851654bb38a0a3c76229a376644
-
SHA256
6a2ed53d9c7f85aa838d95c34eaf8ea16acfa0ed1a989e6c2eb4f33a45d5fa30
-
SHA512
7cb15aaaa9435259d47a0eafadb3dd68f3028d99412d6e50be4c3a3efd255a063f857deaf5c96e3cae5e8439403de5b9a192e161ca881abf76584072ebea0d72
-
SSDEEP
384:q4Q+SAN7uprgvM5OSUswZXg69gbm4hfpFmRvR6JZlbw8hqIusZzZsZ:YOaxVULRpcnuH
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-