General
-
Target
aeadaa52c390eb0d261e7452e4136fd917e347a9ffd8eee0f71d0b0a5fff3700
-
Size
23KB
-
Sample
221123-lnpgxafc31
-
MD5
dce35b0e4769409b8ec1564a216d208d
-
SHA1
48f8fc9599cc8ae6671099e84e5e8b2ff8af5b3d
-
SHA256
aeadaa52c390eb0d261e7452e4136fd917e347a9ffd8eee0f71d0b0a5fff3700
-
SHA512
66b557e11ef9e1cd837d1e8876f0efdc2a8674a5ed8e37c0bcceb5de78f16f6253493afc81cc213aac23f2a36b936e78359065c603e01abd6594623216c22206
-
SSDEEP
384:dMQ+SAN7uprgvM5OSUswZXg69gbm4hfpFmRvR6JZlbw8hqIusZzZzS:FOaxVULRpcnuh
Malware Config
Extracted
njrat
0.7d
webhosting.no-ip.biz:1177
f80c58c81bb54cc02a5aa1df65019452
-
reg_key
f80c58c81bb54cc02a5aa1df65019452
-
splitter
|'|'|
Targets
-
-
Target
aeadaa52c390eb0d261e7452e4136fd917e347a9ffd8eee0f71d0b0a5fff3700
-
Size
23KB
-
MD5
dce35b0e4769409b8ec1564a216d208d
-
SHA1
48f8fc9599cc8ae6671099e84e5e8b2ff8af5b3d
-
SHA256
aeadaa52c390eb0d261e7452e4136fd917e347a9ffd8eee0f71d0b0a5fff3700
-
SHA512
66b557e11ef9e1cd837d1e8876f0efdc2a8674a5ed8e37c0bcceb5de78f16f6253493afc81cc213aac23f2a36b936e78359065c603e01abd6594623216c22206
-
SSDEEP
384:dMQ+SAN7uprgvM5OSUswZXg69gbm4hfpFmRvR6JZlbw8hqIusZzZzS:FOaxVULRpcnuh
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-