General
-
Target
f7f241394b49e87736ac0d4eb5998ef6d42b375e9e64b470b364213c88311e58
-
Size
219KB
-
Sample
221123-zpwjhadd96
-
MD5
82c872fe6cbbbec5da19a2f97d0f2741
-
SHA1
5cbfc12a9513e4a7a87c16df7e0d8b61c5e4a071
-
SHA256
f7f241394b49e87736ac0d4eb5998ef6d42b375e9e64b470b364213c88311e58
-
SHA512
99332f03923ddc20827b63f29d2b6ad9d1ab07e9e72a056452d2d982514202d5e603967b1f7d942a494add24c884c57ffa3a895587300a57ccd24837d3a43345
-
SSDEEP
6144:eV8xLIQ/j6TIZNhGWaOF33OWSkqBvc1xLn:OoMHUHKOxO+cvc1x
Malware Config
Extracted
njrat
0.7d
Hacked
kissme1988.no-ip.biz:5552
dc57475995c921da5a2603cdc0101794
-
reg_key
dc57475995c921da5a2603cdc0101794
-
splitter
|'|'|
Targets
-
-
Target
f7f241394b49e87736ac0d4eb5998ef6d42b375e9e64b470b364213c88311e58
-
Size
219KB
-
MD5
82c872fe6cbbbec5da19a2f97d0f2741
-
SHA1
5cbfc12a9513e4a7a87c16df7e0d8b61c5e4a071
-
SHA256
f7f241394b49e87736ac0d4eb5998ef6d42b375e9e64b470b364213c88311e58
-
SHA512
99332f03923ddc20827b63f29d2b6ad9d1ab07e9e72a056452d2d982514202d5e603967b1f7d942a494add24c884c57ffa3a895587300a57ccd24837d3a43345
-
SSDEEP
6144:eV8xLIQ/j6TIZNhGWaOF33OWSkqBvc1xLn:OoMHUHKOxO+cvc1x
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-