General
-
Target
a6667c7c56e9d98c3335bb7976ae6892fc6ea2011baacf3b4311ac2d9e4d9151
-
Size
194KB
-
Sample
221124-nydt9sbf79
-
MD5
a6491c74f152dbf34db1c80984c7dab1
-
SHA1
02a9fd990ef3cc2ac3a9005f537b36986596f142
-
SHA256
a6667c7c56e9d98c3335bb7976ae6892fc6ea2011baacf3b4311ac2d9e4d9151
-
SHA512
44b42550fa79f82d9bc79e39689c5dcb0d0b7ff6f99d0f7a407f1fe7cf0cbd0f222ead2dca54636d4c62c0275ab6a316dd8af51c434f24f8e3447d2cba42677c
-
SSDEEP
3072:1R557ZcKICt6zspXoYTqgc/dCpVW5XKRaMxS12/:ZnaYXXoYTqgcVZ56R5w12
Static task
static1
Behavioral task
behavioral1
Sample
a6667c7c56e9d98c3335bb7976ae6892fc6ea2011baacf3b4311ac2d9e4d9151.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
a6667c7c56e9d98c3335bb7976ae6892fc6ea2011baacf3b4311ac2d9e4d9151.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
ma
karkouba535.no-ip.biz:1177
a73924a566fd4f4b1613ad23b7dfc174
-
reg_key
a73924a566fd4f4b1613ad23b7dfc174
-
splitter
|'|'|
Targets
-
-
Target
a6667c7c56e9d98c3335bb7976ae6892fc6ea2011baacf3b4311ac2d9e4d9151
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-