General
-
Target
9db196d8a6e32e728dbf851f2eeccce0dc7ccff6219ab76ade9b9fe7e2a2398a
-
Size
160KB
-
Sample
221124-cn82waba52
-
MD5
9fe7379c8a0a17a30599135aa45de063
-
SHA1
ad281660a1d5f129270df4b75dcf493d5a15dcc1
-
SHA256
9db196d8a6e32e728dbf851f2eeccce0dc7ccff6219ab76ade9b9fe7e2a2398a
-
SHA512
186a90132873c4dce99156b0ce456b2ea78989a2eeb7c33adc9caf7f2c0dbc246bfcbb31436878a96222217f41f88d2a59445cc33617d202b14f0453eb371262
-
SSDEEP
3072:f5PvaDd6GrJZe4X7jHsvfIN+1Vh/UtVmiljWMzrZI6vKi0JEswBb4kAlmVs4Jo0x:f0PsX1Fu8iLn
Malware Config
Extracted
njrat
0.7d
HacKed
masterhaxor786.no-ip.biz:2266
3aa149aec61c967d02e94eaa12efb196
-
reg_key
3aa149aec61c967d02e94eaa12efb196
-
splitter
|'|'|
Targets
-
-
Target
9db196d8a6e32e728dbf851f2eeccce0dc7ccff6219ab76ade9b9fe7e2a2398a
-
Size
160KB
-
MD5
9fe7379c8a0a17a30599135aa45de063
-
SHA1
ad281660a1d5f129270df4b75dcf493d5a15dcc1
-
SHA256
9db196d8a6e32e728dbf851f2eeccce0dc7ccff6219ab76ade9b9fe7e2a2398a
-
SHA512
186a90132873c4dce99156b0ce456b2ea78989a2eeb7c33adc9caf7f2c0dbc246bfcbb31436878a96222217f41f88d2a59445cc33617d202b14f0453eb371262
-
SSDEEP
3072:f5PvaDd6GrJZe4X7jHsvfIN+1Vh/UtVmiljWMzrZI6vKi0JEswBb4kAlmVs4Jo0x:f0PsX1Fu8iLn
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-