General
-
Target
45420f1150a00fc1b74db78200c2d0e593e20a732586de6db59af7ba2a718715
-
Size
532KB
-
Sample
221123-s9d2magd9z
-
MD5
0e96867b9627a91f834acad0e7b84e25
-
SHA1
f9840c3a06ae977817ce14c831afd7c4ba7fabab
-
SHA256
45420f1150a00fc1b74db78200c2d0e593e20a732586de6db59af7ba2a718715
-
SHA512
966c3fb0cf56304d5919c894f5a8745156180fd82648b3241373918242791700cbca10f06d0cea49aaf386628a99f64c89df1db041677dc5134fdde17f29b1bd
-
SSDEEP
6144:g1vZOZy/rCdul/Iw3Vn9dX8lzEmJDl3roqm+kP7zMv893WfIQZKnFWH+Lfw0sh:PZkrCkl/Z9dA7loqcq08I8KFk/h
Malware Config
Extracted
njrat
0.7d
BILLY
withgod.hopper.pw:770
b84a37071759ef5cf75837e93f4b857b
-
reg_key
b84a37071759ef5cf75837e93f4b857b
-
splitter
|'|'|
Targets
-
-
Target
45420f1150a00fc1b74db78200c2d0e593e20a732586de6db59af7ba2a718715
-
Size
532KB
-
MD5
0e96867b9627a91f834acad0e7b84e25
-
SHA1
f9840c3a06ae977817ce14c831afd7c4ba7fabab
-
SHA256
45420f1150a00fc1b74db78200c2d0e593e20a732586de6db59af7ba2a718715
-
SHA512
966c3fb0cf56304d5919c894f5a8745156180fd82648b3241373918242791700cbca10f06d0cea49aaf386628a99f64c89df1db041677dc5134fdde17f29b1bd
-
SSDEEP
6144:g1vZOZy/rCdul/Iw3Vn9dX8lzEmJDl3roqm+kP7zMv893WfIQZKnFWH+Lfw0sh:PZkrCkl/Z9dA7loqcq08I8KFk/h
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-