General
-
Target
aa0ee111ac78e794300c45a122fbaf42c9ae0b1df9366f9cc62d67ea9f797d31
-
Size
219KB
-
Sample
221123-zh94baga6y
-
MD5
e696169f58b17a5e0ae2f0224b9a863b
-
SHA1
ba078bc0b91335dec3f7bb87a70fc5bf58190b2c
-
SHA256
aa0ee111ac78e794300c45a122fbaf42c9ae0b1df9366f9cc62d67ea9f797d31
-
SHA512
19704abafdacf11fe1bd610125bb257926114c853355722a57b450a3816b04074899ad1fce7f92af9b3212b6bc6a70909aeaec4fa9fcfeab8b746536019a8fff
-
SSDEEP
6144:wV8xLIQ/j6TIZNhGWaOF33OWSkRgZFRJZi4mm:koMHUHKOxO+RSJZii
Malware Config
Extracted
njrat
0.7d
Hacked
kissme1988.no-ip.biz:5552
dc57475995c921da5a2603cdc0101794
-
reg_key
dc57475995c921da5a2603cdc0101794
-
splitter
|'|'|
Targets
-
-
Target
aa0ee111ac78e794300c45a122fbaf42c9ae0b1df9366f9cc62d67ea9f797d31
-
Size
219KB
-
MD5
e696169f58b17a5e0ae2f0224b9a863b
-
SHA1
ba078bc0b91335dec3f7bb87a70fc5bf58190b2c
-
SHA256
aa0ee111ac78e794300c45a122fbaf42c9ae0b1df9366f9cc62d67ea9f797d31
-
SHA512
19704abafdacf11fe1bd610125bb257926114c853355722a57b450a3816b04074899ad1fce7f92af9b3212b6bc6a70909aeaec4fa9fcfeab8b746536019a8fff
-
SSDEEP
6144:wV8xLIQ/j6TIZNhGWaOF33OWSkRgZFRJZi4mm:koMHUHKOxO+RSJZii
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-