General
-
Target
43740f31d6b03b4967c588f75058cb066c6fd7873356e1f6daedb39f449276a3
-
Size
23KB
-
Sample
221123-lnqpzafc4v
-
MD5
40cda800e43b114bb9203406ecb8c8ad
-
SHA1
7297cac248e8ab5e40585bff16f32e21b876f910
-
SHA256
43740f31d6b03b4967c588f75058cb066c6fd7873356e1f6daedb39f449276a3
-
SHA512
8cb95ab8b412642bcba9a6bd2e5a47e95b65f6a20aff1bc8ad6f5cd2e1fcadcc1d1fa7234fd4fee12e42ad5b46466213f437221e2c4a9ac6df6ef395a2d41d1d
-
SSDEEP
384:CMQ+SAN7uprgvM5OSUswZXg69gbm4hfpFmRvR6JZlbw8hqIusZzZz6:8OaxVULRpcnuB
Malware Config
Extracted
njrat
0.7d
webhosting.no-ip.biz:1177
f80c58c81bb54cc02a5aa1df65019452
-
reg_key
f80c58c81bb54cc02a5aa1df65019452
-
splitter
|'|'|
Targets
-
-
Target
43740f31d6b03b4967c588f75058cb066c6fd7873356e1f6daedb39f449276a3
-
Size
23KB
-
MD5
40cda800e43b114bb9203406ecb8c8ad
-
SHA1
7297cac248e8ab5e40585bff16f32e21b876f910
-
SHA256
43740f31d6b03b4967c588f75058cb066c6fd7873356e1f6daedb39f449276a3
-
SHA512
8cb95ab8b412642bcba9a6bd2e5a47e95b65f6a20aff1bc8ad6f5cd2e1fcadcc1d1fa7234fd4fee12e42ad5b46466213f437221e2c4a9ac6df6ef395a2d41d1d
-
SSDEEP
384:CMQ+SAN7uprgvM5OSUswZXg69gbm4hfpFmRvR6JZlbw8hqIusZzZz6:8OaxVULRpcnuB
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-