General
Target: 67eda2e2df252d8e8da71cbc0aca21e42b082d54d662b934775e478ec378bb09
Size: 638KB
Sample: 221123-zjdfqsga7v
MD5: d9f6bff1ee2812647e534b793b8a5b3e
SHA1: a6215720497667a69cc9a2f58eb826131ca05068
SHA256: 67eda2e2df252d8e8da71cbc0aca21e42b082d54d662b934775e478ec378bb09
SHA512: cbe3c7ba9db6ad1509a4bb62b8cb9234874943ba23fbdb0d220c2c84b6ed95d0748c7216aadab9036a2b2dfe3d6b57d8648423cff74ed25211dbfd881001cd37
SSDEEP: 12288:psTri9uod71pwGuB7DNnu5I1jhxgmZw1lb4K1ebqdpCAq/r1zhrWFumg2:psTrikod71pwGuB7DNnui1jbx051ebqm
Static task: static1
Behavioral task: behavioral1
Sample: 67eda2e2df252d8e8da71cbc0aca21e42b082d54d662b934775e478ec378bb09.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 67eda2e2df252d8e8da71cbc0aca21e42b082d54d662b934775e478ec378bb09.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted family: njrat
Version: 0.7d
Campaign: HacKed
C2: mehdimoro.ddns.net:5555
Mutex: 4aeed655f342a0295abb3112731f878a
reg_key: 4aeed655f342a0295abb3112731f878a
splitter: |'|'|
Targets
Target: 67eda2e2df252d8e8da71cbc0aca21e42b082d54d662b934775e478ec378bb09 (638KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10
Signatures:
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext