General
-
Target
fca4e0322a613497b0934b112222dfb55db4298890c8b99f0f45f7ebe46202cf
-
Size
465KB
-
Sample
221123-sywsasff6v
-
MD5
f866bedc70881974e7cf8441a5dc58d4
-
SHA1
74b9512fc01db7f30021c9b91ee3c5ad035884ab
-
SHA256
fca4e0322a613497b0934b112222dfb55db4298890c8b99f0f45f7ebe46202cf
-
SHA512
14a9d5f8664cbfaffd17c9a3bf833326954a814940024af7ad273fdc15f03bd323cd3af122a2c81a06ab4a316b40591d45ddb98898a23d2454a38821dd5fa1b4
-
SSDEEP
6144:ri5zcxSMIP4k2p2q8AsGbft/KAERibKOtHmDENnnnn12:+zcxyV2UEKOx
Static task
static1
Behavioral task
behavioral1
Sample
fca4e0322a613497b0934b112222dfb55db4298890c8b99f0f45f7ebe46202cf.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
fca4e0322a613497b0934b112222dfb55db4298890c8b99f0f45f7ebe46202cf.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
njrat
0.7d
HacKed
sli.linkpc.net:1177
631bad1206a1948ceb0e76982249b2a4
-
reg_key
631bad1206a1948ceb0e76982249b2a4
-
splitter
|'|'|
Targets
-
-
Target
fca4e0322a613497b0934b112222dfb55db4298890c8b99f0f45f7ebe46202cf
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-