General
-
Target
2df244e4240eeea9e0124d1d8e12c912e2ba519421a5d99cbfa1a768b3c2a2ac
-
Size
219KB
-
Sample
221123-zjnlpsga9v
-
MD5
85ebf369d49d9c99e89dc08fa231076b
-
SHA1
18dddad13efaa3f29ac7f7d89992c6449b902ebb
-
SHA256
2df244e4240eeea9e0124d1d8e12c912e2ba519421a5d99cbfa1a768b3c2a2ac
-
SHA512
d4f6f10d1e150ee51e3fb4c5a932ea63f079a17f50d846416b613b01790f4e76e993475190ea06583f77c4e387f685030aef7cc6f862b506aa63abacc4dd8241
-
SSDEEP
6144:mV8xLIQ/j6TIZNhGWaOF33OWSkU1/ptr+GWM0DVX:WoMHUHKOxO+or+VX
Malware Config
Extracted
njrat
0.7d
Hacked
kissme1988.no-ip.biz:5552
dc57475995c921da5a2603cdc0101794
-
reg_key
dc57475995c921da5a2603cdc0101794
-
splitter
|'|'|
Targets
-
-
Target
2df244e4240eeea9e0124d1d8e12c912e2ba519421a5d99cbfa1a768b3c2a2ac
-
Size
219KB
-
MD5
85ebf369d49d9c99e89dc08fa231076b
-
SHA1
18dddad13efaa3f29ac7f7d89992c6449b902ebb
-
SHA256
2df244e4240eeea9e0124d1d8e12c912e2ba519421a5d99cbfa1a768b3c2a2ac
-
SHA512
d4f6f10d1e150ee51e3fb4c5a932ea63f079a17f50d846416b613b01790f4e76e993475190ea06583f77c4e387f685030aef7cc6f862b506aa63abacc4dd8241
-
SSDEEP
6144:mV8xLIQ/j6TIZNhGWaOF33OWSkU1/ptr+GWM0DVX:WoMHUHKOxO+or+VX
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-