General
-
Target
86b3e6f0c24d0485aec47415c89e3b370f6b5c9b87dc17414282a00054301084
-
Size
219KB
-
Sample
221123-zjmdmsga9s
-
MD5
a7a1660f6ab4e48738218692dd35c503
-
SHA1
5f69b1ec7cb049b294d69f8c2639cd2725571b02
-
SHA256
86b3e6f0c24d0485aec47415c89e3b370f6b5c9b87dc17414282a00054301084
-
SHA512
e928c6c2deedb550dd2fe8b9d5c3bd727859ff0b4744aed7b4a289e9bd64b995bb648dfcd48e932ab5ce178cec6fd547673dfc9b90a98dbb56f7c287b1d7080c
-
SSDEEP
3072:h538xVrxLIQ/j69ZAmqVFtVNhGKxZRGOFhhnbz/OWjuiQQhsDymtkHRWzgIa:hV8xLIQ/j6TIZNhGWaOF33OWSkotOYt
Static task
static1
Behavioral task
behavioral1
Sample
86b3e6f0c24d0485aec47415c89e3b370f6b5c9b87dc17414282a00054301084.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
86b3e6f0c24d0485aec47415c89e3b370f6b5c9b87dc17414282a00054301084.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
njrat
0.7d
Hacked
kissme1988.no-ip.biz:5552
dc57475995c921da5a2603cdc0101794
-
reg_key
dc57475995c921da5a2603cdc0101794
-
splitter
|'|'|
Targets
-
-
Target
86b3e6f0c24d0485aec47415c89e3b370f6b5c9b87dc17414282a00054301084
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-