General
-
Target
f4903c07e2162785d1b9d79fe5acfe8919059e548461959fd5bbf3ff3f560add
-
Size
706KB
-
Sample
221124-vgjgrabf2x
-
MD5
7d0221cfad4f0d35c17b7210b005b3ba
-
SHA1
6785c09aba569fa8c7faa6818d5243fe4e34cb2e
-
SHA256
f4903c07e2162785d1b9d79fe5acfe8919059e548461959fd5bbf3ff3f560add
-
SHA512
6b6943150f5580a45065c5ac2902bc41112331f6eca1e5ffbd5f448632375384e2cd0fcb6ce9fe042f1eddde1327e85d83965a170cd84a59bc12d9a6b4c50d9d
-
SSDEEP
12288:fD9/Y3algourr1tS2Q6bFi84Z5Tdr8Obg5:fh/Y3AgoGSx4yDt
Malware Config
Extracted
njrat
0.7d
HacKed
sidoa3.no-ip.biz:5552
5f2a3c9be5e573301d717ef17ad0d997
-
reg_key
5f2a3c9be5e573301d717ef17ad0d997
-
splitter
|'|'|
Targets
-
-
Target
f4903c07e2162785d1b9d79fe5acfe8919059e548461959fd5bbf3ff3f560add
-
Size
706KB
-
MD5
7d0221cfad4f0d35c17b7210b005b3ba
-
SHA1
6785c09aba569fa8c7faa6818d5243fe4e34cb2e
-
SHA256
f4903c07e2162785d1b9d79fe5acfe8919059e548461959fd5bbf3ff3f560add
-
SHA512
6b6943150f5580a45065c5ac2902bc41112331f6eca1e5ffbd5f448632375384e2cd0fcb6ce9fe042f1eddde1327e85d83965a170cd84a59bc12d9a6b4c50d9d
-
SSDEEP
12288:fD9/Y3algourr1tS2Q6bFi84Z5Tdr8Obg5:fh/Y3AgoGSx4yDt
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-