General
-
Target
10d94afee8a4ac453729e0a0a347b10e34f37709294da450c5a14f86f77395c1
-
Size
23KB
-
Sample
221123-lnwk8abh23
-
MD5
9f0ddcee6a0cf7c909f06279b674a8ac
-
SHA1
845cc9e425d60c2577512ae6bee03a1e66e5de41
-
SHA256
10d94afee8a4ac453729e0a0a347b10e34f37709294da450c5a14f86f77395c1
-
SHA512
07d560dc082ce24ce2b6c20500691b660b93f5868859427eba57ecd9a9652acccdee55115589baec7b6a755116f8fcdf467b2177b44a14af777a342bce0b9985
-
SSDEEP
384:CcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZ4G:V30py6vhxaRpcnus
Malware Config
Extracted
njrat
0.7d
HacKed
fofa97.no-ip.biz:1164
288166edc4d26d8da429838f2d4d1098
-
reg_key
288166edc4d26d8da429838f2d4d1098
-
splitter
|'|'|
Targets
-
-
Target
10d94afee8a4ac453729e0a0a347b10e34f37709294da450c5a14f86f77395c1
-
Size
23KB
-
MD5
9f0ddcee6a0cf7c909f06279b674a8ac
-
SHA1
845cc9e425d60c2577512ae6bee03a1e66e5de41
-
SHA256
10d94afee8a4ac453729e0a0a347b10e34f37709294da450c5a14f86f77395c1
-
SHA512
07d560dc082ce24ce2b6c20500691b660b93f5868859427eba57ecd9a9652acccdee55115589baec7b6a755116f8fcdf467b2177b44a14af777a342bce0b9985
-
SSDEEP
384:CcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZ4G:V30py6vhxaRpcnus
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-