General
-
Target
8aa812bb472d92cefbb2bbe22fbfa445e993fa84f8214bb1f6e87dfcdb291bad
-
Size
947KB
-
Sample
221124-jj9aeahd95
-
MD5
a63e3e2699a34514ffaa2a4402acaaae
-
SHA1
b75ca6f5342fcb8456b81189871c3653f91e6dd8
-
SHA256
8aa812bb472d92cefbb2bbe22fbfa445e993fa84f8214bb1f6e87dfcdb291bad
-
SHA512
c60dd61f44f2dde816299deee1e02c075df9da37c835da27396a16bf81250ce746edbf5748fbe3178b83c19c867b76f92ed059555ca38511fb19cae88fd3cc9a
-
SSDEEP
24576:jlDvGPs3MDQTI+Qifw0+IRpdmXw+1Z7axh6iKY:jxvGPs3McTI+QV0R1mxC6iKY
Static task
static1
Behavioral task
behavioral1
Sample
8aa812bb472d92cefbb2bbe22fbfa445e993fa84f8214bb1f6e87dfcdb291bad.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
8aa812bb472d92cefbb2bbe22fbfa445e993fa84f8214bb1f6e87dfcdb291bad.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
njrat
0.7d
fego HacKed
max900.no-ip.org:5552
Skype
-
reg_key
Skype
-
splitter
|'|'|
Targets
-
-
Target
8aa812bb472d92cefbb2bbe22fbfa445e993fa84f8214bb1f6e87dfcdb291bad
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-