General
-
Target
7a51dd1ae3199f593fd9aab27ce10f6257d2aba571816b436ec81fb6db364741
-
Size
122KB
-
Sample
221124-ez3ekscb3v
-
MD5
fa15c99662f72cf60d46df9156a347eb
-
SHA1
be345c03a10d160d67b4df5dc6e271d42b78850c
-
SHA256
7a51dd1ae3199f593fd9aab27ce10f6257d2aba571816b436ec81fb6db364741
-
SHA512
5ba6b293ebac87e8675115ed3e5d041bea25c2045ea37ed719995153f397efe2e36b3fd6851b4f7dbfb5ab597f415422682eb8d639382be23fef5290f8494a54
-
SSDEEP
384:g7luBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZSU7s0Z:gEOmhtIiRpcnuIO
Malware Config
Extracted
njrat
0.7d
HacKed
abdullahackiran.no-ip.org:1177
0c8aec7405aafd3b26998be32214bdfa
-
reg_key
0c8aec7405aafd3b26998be32214bdfa
-
splitter
|'|'|
Targets
-
-
Target
7a51dd1ae3199f593fd9aab27ce10f6257d2aba571816b436ec81fb6db364741
-
Size
122KB
-
MD5
fa15c99662f72cf60d46df9156a347eb
-
SHA1
be345c03a10d160d67b4df5dc6e271d42b78850c
-
SHA256
7a51dd1ae3199f593fd9aab27ce10f6257d2aba571816b436ec81fb6db364741
-
SHA512
5ba6b293ebac87e8675115ed3e5d041bea25c2045ea37ed719995153f397efe2e36b3fd6851b4f7dbfb5ab597f415422682eb8d639382be23fef5290f8494a54
-
SSDEEP
384:g7luBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZSU7s0Z:gEOmhtIiRpcnuIO
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-