General

Target: d371c690a44298c201a1ccabfc1b95b0b6a6ea4173500a23ec57093b0d039659
Size: 151KB
Sample: 221123-s9mc1add56
MD5: 8f84ba13287f7ee0c93789149019d804
SHA1: ed79b8478aa8616336e7611f2ba26ce49cc8e501
SHA256: d371c690a44298c201a1ccabfc1b95b0b6a6ea4173500a23ec57093b0d039659
SHA512: 4702ac59dfcb6ab95ea02ceb9943baec3afeb38c03cc748fc6a6af2de3d0ab84e90a6a4b142caf842f42433ef8bde6ee8032955a80a0282a0ed12a9b5f5543fa
SSDEEP: 3072:tWudTyuuyrJ3BWIFUU99A5YzB/0V2DFP3IsS1PbQp+KQ:TiyrdrU498KpPrMbv
Static task: static1

Behavioral task: behavioral1
Sample: d371c690a44298c201a1ccabfc1b95b0b6a6ea4173500a23ec57093b0d039659.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: d371c690a44298c201a1ccabfc1b95b0b6a6ea4173500a23ec57093b0d039659.exe
Resource: win10v2004-20221111-en
Malware Config

Extracted
Family: njrat
Version: 0.7d
Botnet (campaign id): HacKed
C2: visichatrooms.no-ip.info:92
Mutex: 8f804de644157aa7bac4cf1736c75287

Attributes
reg_key: 8f804de644157aa7bac4cf1736c75287
splitter: |'|'|

The mutex and reg_key values are identical because njRAT uses one configured string both as its mutex name and as the name of the Run value it writes; either is a usable host indicator for this build. The C2 is a No-IP dynamic DNS hostname, so the resolved address can change and should not be treated as a stable indicator on its own.
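The splitter and the campaign and mutex values above are enough to recognise this sample's C2 traffic on the wire. The Python below is an added example, not code from the sandbox report or from njRAT itself. It rests on two assumptions about the protocol, stated here as assumptions: njRAT frames each message as a decimal byte count, a NUL byte and then the payload, and joins the fields of a payload with the configured splitter. The registration beacon it parses is constructed for the example and modelled on the 0.7d "ll" layout (base64 of campaign_victim-id, the victim id again, machine name, user name, install date, a blank field, OS, webcam flag, version); that field order is an assumption, not something the report states. Because the C2 host is a dynamic DNS name, the matcher keys on the campaign and victim id rather than on an address.

```python
"""Parser for njRAT's C2 framing, driven by the splitter extracted above.

Added example, not code from the sandbox report. Assumptions: each message is
"<decimal length>\\x00<payload>" and payload fields are joined with the
configured splitter. The beacon below is constructed, not captured traffic.
"""
import base64
import re

# Indicators taken from the extracted config above.
SPLITTER = b"|'|'|"
C2 = ("visichatrooms.no-ip.info", 92)
CAMPAIGN = "HacKed"
VICTIM_ID = "8f804de644157aa7bac4cf1736c75287"

_HEADER = re.compile(rb"^(\d{1,7})\x00")


def frame_stream(buf: bytes):
    """Cut complete njRAT frames out of a client->C2 byte stream.

    Returns (payloads, leftover). `leftover` is the unconsumed tail: either an
    incomplete frame still in flight (re-feed it with the next TCP segment) or,
    if it does not even start with "<digits>\\x00", data that is not njRAT.
    """
    payloads = []
    while True:
        m = _HEADER.match(buf)
        if m is None:
            break
        n = int(m.group(1))
        body = m.end()
        if len(buf) < body + n:
            break                      # wait for the rest of the payload
        payloads.append(buf[body:body + n])
        buf = buf[body + n:]
    return payloads, buf


def parse_payload(payload: bytes):
    """Split one payload into (command, fields) using the config splitter."""
    parts = payload.split(SPLITTER)
    return parts[0].decode("latin-1"), [p.decode("latin-1") for p in parts[1:]]


def registration_info(payload: bytes):
    """Pull victim details out of an 'll' registration beacon, or None.

    Assumed layout: field 0 is base64("<campaign>_<victim id>"), field 1 repeats
    the victim id (the mutex / Run value name), then machine name, user name,
    install date, a blank, OS, webcam flag and the njRAT version.
    """
    cmd, f = parse_payload(payload)
    if cmd != "ll" or len(f) < 9:
        return None
    try:
        campaign, _, victim = base64.b64decode(f[0]).decode("latin-1").partition("_")
    except ValueError:            # not valid base64 -> not a beacon we understand
        return None
    return {
        "campaign": campaign, "victim_id": victim, "hwid": f[1],
        "machine": f[2], "user": f[3], "os": f[6], "version": f[8],
    }


def matches_sample(info):
    """True when a parsed beacon carries the campaign and id from this report."""
    return info is not None and info["campaign"] == CAMPAIGN \
        and info["victim_id"] == VICTIM_ID


def frame(payload: bytes) -> bytes:
    """Encode a payload the way njRAT does; used to build the sample stream."""
    return str(len(payload)).encode() + b"\x00" + payload


# --- constructed sample traffic (not a real capture) ---------------------
_beacon = SPLITTER.join([
    b"ll",
    base64.b64encode(f"{CAMPAIGN}_{VICTIM_ID}".encode()),
    VICTIM_ID.encode(), b"WIN7-PC", b"analyst", b"22-11-23", b"",
    b"Win 7 Ultimate SP1 x86", b"No", b"0.7d", b"..", b"", b"",
])
SAMPLE_STREAM = frame(_beacon) + frame(b"P")    # beacon, then a keep-alive


def demo():
    """Feed the stream in two segments to exercise reassembly across packets."""
    cut = len(SAMPLE_STREAM) // 2
    first, rest = frame_stream(SAMPLE_STREAM[:cut])
    second, rest = frame_stream(rest + SAMPLE_STREAM[cut:])
    assert rest == b""
    return [registration_info(p) for p in first + second]


if __name__ == "__main__":
    for info in demo():
        print(info, "<- matches report" if matches_sample(info) else "")
```

Feed `frame_stream` the reassembled client-to-server bytes of a session and keep re-feeding the leftover; a leftover that never starts with a decimal length and a NUL is not njRAT framing and can be dropped.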
Targets

Target: d371c690a44298c201a1ccabfc1b95b0b6a6ea4173500a23ec57093b0d039659 (151KB; hashes and SSDEEP as listed under General)
Score: 10/10

- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext