General
-
Target
84faa407945e81b7ce708b39fdb4b7a0ae11b63d12f38f698193b975de4775a2
-
Size
158KB
-
Sample
221123-q32g8sfe76
-
MD5
a00ad941eea32fe3971a0b70da276bab
-
SHA1
9c12de462206b7376e3c08db7d1e9516b3e7a3de
-
SHA256
84faa407945e81b7ce708b39fdb4b7a0ae11b63d12f38f698193b975de4775a2
-
SHA512
5f6ccf620d0bca357e87ede9045c39ea9d9e42848469825b4a4f5ad7e4fbe383724efcc24ff3a9916326a2149a6960bbd5e67d19a17e44fedf1454517bcfbcfc
-
SSDEEP
3072:aF2ufrRcXi/6JIVPYHe0/b5cF4UQMnpW+uNa4YSgAjV/TTfFGsA:4frRD/VPwLG4YQacxPfFQ
Malware Config
Extracted
njrat
0.6.4
HacKed
127.0.0.1:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
84faa407945e81b7ce708b39fdb4b7a0ae11b63d12f38f698193b975de4775a2
-
Size
158KB
-
MD5
a00ad941eea32fe3971a0b70da276bab
-
SHA1
9c12de462206b7376e3c08db7d1e9516b3e7a3de
-
SHA256
84faa407945e81b7ce708b39fdb4b7a0ae11b63d12f38f698193b975de4775a2
-
SHA512
5f6ccf620d0bca357e87ede9045c39ea9d9e42848469825b4a4f5ad7e4fbe383724efcc24ff3a9916326a2149a6960bbd5e67d19a17e44fedf1454517bcfbcfc
-
SSDEEP
3072:aF2ufrRcXi/6JIVPYHe0/b5cF4UQMnpW+uNa4YSgAjV/TTfFGsA:4frRD/VPwLG4YQacxPfFQ
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-