General
-
Target
3e8d65e81df336aa3bac5b1d332e075fe48c2b6e256c004f1635168674883f28
-
Size
180KB
-
Sample
221123-lpkkcabh57
-
MD5
f76896af9cfc0316ef7f670c7f5ed927
-
SHA1
e536ae98ec304649f5bc9f18f9731e54f544228e
-
SHA256
3e8d65e81df336aa3bac5b1d332e075fe48c2b6e256c004f1635168674883f28
-
SHA512
9f9f904ccd867aa94b8822416641d105ecba9b2e67f9675e48303c696083b50c89f22f831faa9a6a6696004417d141a74ada77d40119c424eb546b47ec0197da
-
SSDEEP
3072:YbzRtQ/hKbSjSQgBp0kZlqTb/dtzDE+Khtntpsak8rDWtV+:YQoSqhZlQRtzDCt3t4
Malware Config
Extracted
njrat
0.7d
HacKed
0788878940.no-ip.org:55554
46123a2deb0d891e7972ee418c053b39
-
reg_key
46123a2deb0d891e7972ee418c053b39
-
splitter
|'|'|
Targets
-
-
Target
3e8d65e81df336aa3bac5b1d332e075fe48c2b6e256c004f1635168674883f28
-
Size
180KB
-
MD5
f76896af9cfc0316ef7f670c7f5ed927
-
SHA1
e536ae98ec304649f5bc9f18f9731e54f544228e
-
SHA256
3e8d65e81df336aa3bac5b1d332e075fe48c2b6e256c004f1635168674883f28
-
SHA512
9f9f904ccd867aa94b8822416641d105ecba9b2e67f9675e48303c696083b50c89f22f831faa9a6a6696004417d141a74ada77d40119c424eb546b47ec0197da
-
SSDEEP
3072:YbzRtQ/hKbSjSQgBp0kZlqTb/dtzDE+Khtntpsak8rDWtV+:YQoSqhZlQRtzDCt3t4
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-