General
-
Target
406141b4dcf4941a1ca6342b6cb7cbcf5f04fda10e67f77c2dbf47409f9e8ccf
-
Size
23KB
-
Sample
221123-lns54afc41
-
MD5
d169c120b9c6fbabb175f1161067d6ce
-
SHA1
c6dbd0d71f3c31982af14ff20640ead07d97d1c5
-
SHA256
406141b4dcf4941a1ca6342b6cb7cbcf5f04fda10e67f77c2dbf47409f9e8ccf
-
SHA512
d04781c57e3a5113e9f17ad9921f3f8e0870cd73211f04c09cc860bb18ebb3a617bc9a8fe71ede1b5052b89e6c01d822f1696775682a3310016efbb3e0838e20
-
SSDEEP
384:4luBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZdj:HOmhtIiRpcnuO
Malware Config
Extracted
njrat
0.7d
HacKed
i-br.noip.me:1177
096162c84c8a20735d7fce32fc6549c1
-
reg_key
096162c84c8a20735d7fce32fc6549c1
-
splitter
|'|'|
Targets
-
-
Target
406141b4dcf4941a1ca6342b6cb7cbcf5f04fda10e67f77c2dbf47409f9e8ccf
-
Size
23KB
-
MD5
d169c120b9c6fbabb175f1161067d6ce
-
SHA1
c6dbd0d71f3c31982af14ff20640ead07d97d1c5
-
SHA256
406141b4dcf4941a1ca6342b6cb7cbcf5f04fda10e67f77c2dbf47409f9e8ccf
-
SHA512
d04781c57e3a5113e9f17ad9921f3f8e0870cd73211f04c09cc860bb18ebb3a617bc9a8fe71ede1b5052b89e6c01d822f1696775682a3310016efbb3e0838e20
-
SSDEEP
384:4luBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZdj:HOmhtIiRpcnuO
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-