General
-
Target
3b669e517bce725d2f748bf2f19d5b3ac413a392a8348c8ac6005b3470746dd8
-
Size
23KB
-
Sample
221123-lntrmabg97
-
MD5
b22fa080349fa5de36f85319c60f08f4
-
SHA1
3d60153a988292a2b33b1ba23ef2c87861ddf9b2
-
SHA256
3b669e517bce725d2f748bf2f19d5b3ac413a392a8348c8ac6005b3470746dd8
-
SHA512
a4ffdc0e55160c73f9a2e782c67c0b9d75d6cbf854512c340142e6f76ebca774e99f095c584aa5c02201eb99da7902831c288af8153e30ed13b354ee4eac94f4
-
SSDEEP
384:pbY324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZY7qq:pkL2s+tRyRpcnuX7p
Malware Config
Extracted
njrat
0.7d
nofa
isuero.no-ip.info:1990
b3d7dfeb8fa6d1f91b465daac2597bd1
-
reg_key
b3d7dfeb8fa6d1f91b465daac2597bd1
-
splitter
|'|'|
Targets
-
-
Target
3b669e517bce725d2f748bf2f19d5b3ac413a392a8348c8ac6005b3470746dd8
-
Size
23KB
-
MD5
b22fa080349fa5de36f85319c60f08f4
-
SHA1
3d60153a988292a2b33b1ba23ef2c87861ddf9b2
-
SHA256
3b669e517bce725d2f748bf2f19d5b3ac413a392a8348c8ac6005b3470746dd8
-
SHA512
a4ffdc0e55160c73f9a2e782c67c0b9d75d6cbf854512c340142e6f76ebca774e99f095c584aa5c02201eb99da7902831c288af8153e30ed13b354ee4eac94f4
-
SSDEEP
384:pbY324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZY7qq:pkL2s+tRyRpcnuX7p
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-