General
-
Target
e930e02bc4647e790310b342f44dda5bff079ff0ebe4f2ad624360fbb064e949
-
Size
23KB
-
Sample
221124-v4wetshg46
-
MD5
1f544a7ceb2cc4c868b1374b5991a15a
-
SHA1
97746526ee8cfa63a36f0da3775d4b7ff64adb38
-
SHA256
e930e02bc4647e790310b342f44dda5bff079ff0ebe4f2ad624360fbb064e949
-
SHA512
0cbcf963f17a3026012d99bd04b51fe0975ed35eebbbced5cd9b505b8d4934fac9fe0c8851152354b970b808e1ee61accce1dac8903c2c8acfe62d4ae4ca1521
-
SSDEEP
384:rwTSiYWD2Z7w3CsJeiecwJ3fw6FgzeAh33RtmRvR6JZlbw8hqIusZzZQl:mvZiBK1edJRpcnub
Malware Config
Extracted
njrat
0.7d
- 5Min
hiddenman.duckdns.org:5552
3360867c4461f88b6b57142fca68a212
-
reg_key
3360867c4461f88b6b57142fca68a212
-
splitter
|'|'|
Targets
-
-
Target
e930e02bc4647e790310b342f44dda5bff079ff0ebe4f2ad624360fbb064e949
-
Size
23KB
-
MD5
1f544a7ceb2cc4c868b1374b5991a15a
-
SHA1
97746526ee8cfa63a36f0da3775d4b7ff64adb38
-
SHA256
e930e02bc4647e790310b342f44dda5bff079ff0ebe4f2ad624360fbb064e949
-
SHA512
0cbcf963f17a3026012d99bd04b51fe0975ed35eebbbced5cd9b505b8d4934fac9fe0c8851152354b970b808e1ee61accce1dac8903c2c8acfe62d4ae4ca1521
-
SSDEEP
384:rwTSiYWD2Z7w3CsJeiecwJ3fw6FgzeAh33RtmRvR6JZlbw8hqIusZzZQl:mvZiBK1edJRpcnub
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-