General
Target: 6021565a6ce591d4ba96e91548ffc32049a14fc6475a9ea21dc620cd8aad0c58
Size: 851KB
Sample: 221123-sybr5ace63
MD5: 82f01d8c0b2d91ea436408cd47552a9b
SHA1: cf91ce41e81fae3447cc222379c39b24996b5c85
SHA256: 6021565a6ce591d4ba96e91548ffc32049a14fc6475a9ea21dc620cd8aad0c58
SHA512: 0111b9623b48e651918b7c445fd2c76d705f2349e853293dd585abab1f57008d44b70cadfcad55946eec87257edd9267c43003dcf6989feeeb62acdc44f1aa09
SSDEEP: 24576:t9WOR12VcEw33nqhjisQiKLUvzD445D7vcUj:t9WObyGLLDKDH
Static task: static1
Behavioral task: behavioral1
  Sample: 6021565a6ce591d4ba96e91548ffc32049a14fc6475a9ea21dc620cd8aad0c58.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 6021565a6ce591d4ba96e91548ffc32049a14fc6475a9ea21dc620cd8aad0c58.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted
njrat
0.7d
HacKed
earnwhilehome.ddns.net:5552
3db166ddf8eda41ea0294b2b337cfbe9
reg_key: 3db166ddf8eda41ea0294b2b337cfbe9
splitter: |'|'|
Targets
Target: 6021565a6ce591d4ba96e91548ffc32049a14fc6475a9ea21dc620cd8aad0c58
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application