General
-
Target
9387753971c8b749b4edef686758f94018543fc84c65975eff71a5daefd98494
-
Size
368KB
-
Sample
221124-ez314scb3x
-
MD5
ad0fa345b71a76b8d15c94bec1a1f4f6
-
SHA1
f029a767679d8f203d3b631e79b9391a9d7c1879
-
SHA256
9387753971c8b749b4edef686758f94018543fc84c65975eff71a5daefd98494
-
SHA512
670aa1273c71e9fde7a5e8093d6e9c9dc743c5b87cf9cdeb31d30c9059e77511595abfe791d824eca1f012ad55ea08b3c4c518ee2ae92deaa22ac96480190f14
-
SSDEEP
3072:60py5k0ogEyQdvbj/AbOlm+Qm2Ij8uluvXLonyAKaLap2F3glH/EHnPBM3ZwCr2B:
Behavioral task
behavioral1
Sample
9387753971c8b749b4edef686758f94018543fc84c65975eff71a5daefd98494.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
9387753971c8b749b4edef686758f94018543fc84c65975eff71a5daefd98494.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
185.20.224.121:80
ab66a766385428849b68a77f294c8ace
-
reg_key
ab66a766385428849b68a77f294c8ace
-
splitter
|'|'|
Targets
-
-
Target
9387753971c8b749b4edef686758f94018543fc84c65975eff71a5daefd98494
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-