General
Target: 57910bc5597e7df03d4d1631bc836b92530ed5865d3ed9a05d5e2df8759d41a8
Size: 117KB
Sample: 221123-rk413sbh5t
MD5: 54ef63adae22a3f65e31292fc73e0988
SHA1: bbb0a96f006a633bb1326b14958516b42f1d37cc
SHA256: 57910bc5597e7df03d4d1631bc836b92530ed5865d3ed9a05d5e2df8759d41a8
SHA512: dcc82f1247cae2268ea5192e874f6836ca4548750067ec24b9b70706fb2118f9c54c92f4c1f726dc71775326e1151c7f1075316836c758f5f270efd61e028437
SSDEEP: 3072:bC2FWOpfhDgaXBp2EIdXeAZqjHGcPjzqU+0VU:f02FxnIZetbXG+
Static task: static1
Behavioral task: behavioral1
  Sample: 57910bc5597e7df03d4d1631bc836b92530ed5865d3ed9a05d5e2df8759d41a8.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 57910bc5597e7df03d4d1631bc836b92530ed5865d3ed9a05d5e2df8759d41a8.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: njrat
  0.7d
  hecked
  tarikkungfeude.no-ip.biz:1177
  ff5b36e94ed32112d022b6a1fe2be27e
  reg_key: ff5b36e94ed32112d022b6a1fe2be27e
  splitter: |'|'|
Targets
Target: 57910bc5597e7df03d4d1631bc836b92530ed5865d3ed9a05d5e2df8759d41a8 (117KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Behaviors:
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext