General
-
Target
ac37ddbb2e053be6e50541a18b931833624e414726c0bafb9f46b0bb2b0ba190
-
Size
219KB
-
Sample
221123-zk1yesgb8z
-
MD5
5f6d7a07a69f9a96f48e69d8cde2160f
-
SHA1
60735f0b53017b000a7dc07c528f94b4615c4a9a
-
SHA256
ac37ddbb2e053be6e50541a18b931833624e414726c0bafb9f46b0bb2b0ba190
-
SHA512
f7c802bc1165a4691d75a68dc876ce80ed3b455b6d900a7a22762a1aa3cfdeccf842aa093720c99195813c79069af9f05f412fe2b1f2cc953b0461f819a18ea4
-
SSDEEP
3072:G538xVrxLIQ/j69ZAmqVFtVNhGKxZRGOFhhnbz/OWjuiQQh/GjUFzAtdho0BxA:GV8xLIQ/j6TIZNhGWaOF33OWSk9FzA9
Static task
static1
Behavioral task
behavioral1
Sample
ac37ddbb2e053be6e50541a18b931833624e414726c0bafb9f46b0bb2b0ba190.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
ac37ddbb2e053be6e50541a18b931833624e414726c0bafb9f46b0bb2b0ba190.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
njrat
0.7d
Hacked
kissme1988.no-ip.biz:5552
dc57475995c921da5a2603cdc0101794
-
reg_key
dc57475995c921da5a2603cdc0101794
-
splitter
|'|'|
Targets
-
-
Target
ac37ddbb2e053be6e50541a18b931833624e414726c0bafb9f46b0bb2b0ba190
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-