General
-
Target
332ab7c26dfa9b217034ac999ee8ef8916efd6bf745b1ea91b33be5f4555f5af
-
Size
484KB
-
Sample
221123-rzve7ahh59
-
MD5
f64f86668f2abc6c7cdd4ae3318c96cb
-
SHA1
0343191d55e365c13b4eee6a4acb39248a0f05c9
-
SHA256
332ab7c26dfa9b217034ac999ee8ef8916efd6bf745b1ea91b33be5f4555f5af
-
SHA512
19a4abcd766ad054df93eeae68e4eb26ca992c393ad37f5cd1c371772bda89167a6b94be092b32c4e6610f7adeb1926fd1ff902de3acc670b661c28e1c18111b
-
SSDEEP
12288:CF0zfQlZ3HMCAMwPAshor2n62NLJRpCgplxEAfhq:CywM5ogg9WbpCgnxEAfM
Static task
static1
Behavioral task
behavioral1
Sample
332ab7c26dfa9b217034ac999ee8ef8916efd6bf745b1ea91b33be5f4555f5af.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
332ab7c26dfa9b217034ac999ee8ef8916efd6bf745b1ea91b33be5f4555f5af.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
njrat
0.6.4
HacKed
127.0.0.1:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
Target
332ab7c26dfa9b217034ac999ee8ef8916efd6bf745b1ea91b33be5f4555f5af
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-