General
Target: e22b9ba600bea892bc6a39430e617537632804f64a0ce1a269c5d0feb31b7fe0
Size: 296KB
Sample: 221123-s4cllsda29
MD5: fa09172eea1553d4dd0e8ce477f5a8aa
SHA1: f2fcc5765e60ed002c8662b0d760ad865087744e
SHA256: e22b9ba600bea892bc6a39430e617537632804f64a0ce1a269c5d0feb31b7fe0
SHA512: a6d75abccdfa7851ab838e2a731fbeceee8f860cc3329279a7a66d6bbb8eaf17d83dba3201d47c122b1289482b59c881b482addbf8e8c0677fbb591f51b7a2da
SSDEEP: 6144:rAwTKkUQK9qRgtZfD2ywM9r6o/AT59zMXd:0wuBQzCfD2A9mS859YXd
Behavioral task: behavioral1
Sample: e22b9ba600bea892bc6a39430e617537632804f64a0ce1a269c5d0feb31b7fe0.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: e22b9ba600bea892bc6a39430e617537632804f64a0ce1a269c5d0feb31b7fe0.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
njrat
0.6.4
HacKed
kurdistan1.no-ip.org:1156
f9e4a65adc9ac9bfc183c06c7f24ba19
reg_key: f9e4a65adc9ac9bfc183c06c7f24ba19
splitter: |'|'|
Targets
Target: e22b9ba600bea892bc6a39430e617537632804f64a0ce1a269c5d0feb31b7fe0
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application