General
-
Target
7b3a9805d9948328077b9b66734dfac230e631a969f9f0df9a91d6568c094004
-
Size
1.2MB
-
Sample
221124-3dmn1afc55
-
MD5
2aa9a6fedcd536a0863a2040772cf11d
-
SHA1
2b8e4757d46aa38e5cbafe0cd64cbb4409f09507
-
SHA256
7b3a9805d9948328077b9b66734dfac230e631a969f9f0df9a91d6568c094004
-
SHA512
3fef57b72dfeafba37a1ab78aad232315fca4f078fdd3ef2f84e20f9e9cb99e84ac522a47704ba041f6fcc1d06bd96f41f2c19c61c6fe9b15de6a173a5dfbbd9
-
SSDEEP
12288:MgadJfTztJr15d2swcOekReZWml4R8cov2tSUJnS9Yss40HQ3TBqqvrLrZTP57l:Yd98+0vAUJnAjBHvr/ZTP57
Malware Config
Extracted
njrat
0.6.4
HacKed
joker1787.no-ip.biz:1984
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
7b3a9805d9948328077b9b66734dfac230e631a969f9f0df9a91d6568c094004
-
Size
1.2MB
-
MD5
2aa9a6fedcd536a0863a2040772cf11d
-
SHA1
2b8e4757d46aa38e5cbafe0cd64cbb4409f09507
-
SHA256
7b3a9805d9948328077b9b66734dfac230e631a969f9f0df9a91d6568c094004
-
SHA512
3fef57b72dfeafba37a1ab78aad232315fca4f078fdd3ef2f84e20f9e9cb99e84ac522a47704ba041f6fcc1d06bd96f41f2c19c61c6fe9b15de6a173a5dfbbd9
-
SSDEEP
12288:MgadJfTztJr15d2swcOekReZWml4R8cov2tSUJnS9Yss40HQ3TBqqvrLrZTP57l:Yd98+0vAUJnAjBHvr/ZTP57
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-