General
-
Target
85eb70322648b91b6731ae31fefd7307bf1243d5076a0312367461b57d4ea101
-
Size
56KB
-
Sample
221123-q3mn3sae9t
-
MD5
6ec722039c95fda117a7a8e37057c689
-
SHA1
924187760a08fe76aca2c83d222009f4310a9736
-
SHA256
85eb70322648b91b6731ae31fefd7307bf1243d5076a0312367461b57d4ea101
-
SHA512
4d3e947a4a7ba7306ca14dcf0c071d1ee7d7526e7fefe5f2179626ca97d781d94f7c8207a142d6e00d43d0975abbc67ebd4817360033c04a4e3e23e0ef359b2a
-
SSDEEP
768:G/sgxcAtCL90oWAktUOqWTRHV/oZkTXyxnPurcrxT/fnF+l7R5sTgbOluT:cxc6CLeoWA5ZWTRHCZkOtzfstRe+OlO
Malware Config
Extracted
njrat
0.6.4
US ACCOUNT
212.7.208.123:6020
93f19dda2412c86ad7520ba4198f39a0
-
reg_key
93f19dda2412c86ad7520ba4198f39a0
-
splitter
|'|'|
Targets
-
-
Target
85eb70322648b91b6731ae31fefd7307bf1243d5076a0312367461b57d4ea101
-
Size
56KB
-
MD5
6ec722039c95fda117a7a8e37057c689
-
SHA1
924187760a08fe76aca2c83d222009f4310a9736
-
SHA256
85eb70322648b91b6731ae31fefd7307bf1243d5076a0312367461b57d4ea101
-
SHA512
4d3e947a4a7ba7306ca14dcf0c071d1ee7d7526e7fefe5f2179626ca97d781d94f7c8207a142d6e00d43d0975abbc67ebd4817360033c04a4e3e23e0ef359b2a
-
SSDEEP
768:G/sgxcAtCL90oWAktUOqWTRHV/oZkTXyxnPurcrxT/fnF+l7R5sTgbOluT:cxc6CLeoWA5ZWTRHCZkOtzfstRe+OlO
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-