General
-
Target
b237ec675782b2838334ada129395bed05735f4a98aee73b298f5af1e7671d8a
-
Size
122KB
-
Sample
221123-syh67sce72
-
MD5
206014e7ab2fe5d041243825bce098a7
-
SHA1
0c0b60ae4221c0919d2416cfd0875b1952dce6b7
-
SHA256
b237ec675782b2838334ada129395bed05735f4a98aee73b298f5af1e7671d8a
-
SHA512
0a5639278217b5d867e00037f001764affb53a0108ae0d23d625b234031bf5b04deab80464ea40ca9223714ef5301c9067fea7ca6b8a3969cce4329009dcfb85
-
SSDEEP
3072:OQnBxmQr8ScHEdwrBhSa+c7iPM2mkOAHsM9R7:lsw6rbb+uYZ9R
Malware Config
Extracted
njrat
0.6.4
HacKed
ahmed-070.no-ip.biz:7777
57b6c8d9ab3bb159df550fcc8f61f6a2
-
reg_key
57b6c8d9ab3bb159df550fcc8f61f6a2
-
splitter
|'|'|
Targets
-
-
Target
b237ec675782b2838334ada129395bed05735f4a98aee73b298f5af1e7671d8a
-
Size
122KB
-
MD5
206014e7ab2fe5d041243825bce098a7
-
SHA1
0c0b60ae4221c0919d2416cfd0875b1952dce6b7
-
SHA256
b237ec675782b2838334ada129395bed05735f4a98aee73b298f5af1e7671d8a
-
SHA512
0a5639278217b5d867e00037f001764affb53a0108ae0d23d625b234031bf5b04deab80464ea40ca9223714ef5301c9067fea7ca6b8a3969cce4329009dcfb85
-
SSDEEP
3072:OQnBxmQr8ScHEdwrBhSa+c7iPM2mkOAHsM9R7:lsw6rbb+uYZ9R
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-