General
-
Target
8533ef6f79e259e9e5fe7c28f1fcd372.exe
-
Size
227KB
-
Sample
221124-xcjcascc42
-
MD5
8533ef6f79e259e9e5fe7c28f1fcd372
-
SHA1
48c1f9b2a798a374b6e8c2e5fb655c19e5fa2ed3
-
SHA256
bbc8cabc1ba4f81d1ee316d3869ed8e61c91840cb533abee708a3099ab196470
-
SHA512
533facb9e64028915336f7a7035e726409279309b05d2cf1e6def878513a85f49a9119f09e53bcc8371ff5bc8f91474b67934773e3c6a7ad12c3778ffa3f2697
-
SSDEEP
3072:HSuZ00DVrF1rVcCPP+Tl6Ws5cUYTMExjHSTdMTfNlx35eRPG+79IwGrpc:J/2TAcZyOjNlri7Ww
Malware Config
Extracted
njrat
0.7d
HacKed
h43vipforyou.ddns.net:1177
869b16e2825dce24066aba38ee1a9add
-
reg_key
869b16e2825dce24066aba38ee1a9add
-
splitter
|'|'|
Targets
-
-
Target
8533ef6f79e259e9e5fe7c28f1fcd372.exe
-
Size
227KB
-
MD5
8533ef6f79e259e9e5fe7c28f1fcd372
-
SHA1
48c1f9b2a798a374b6e8c2e5fb655c19e5fa2ed3
-
SHA256
bbc8cabc1ba4f81d1ee316d3869ed8e61c91840cb533abee708a3099ab196470
-
SHA512
533facb9e64028915336f7a7035e726409279309b05d2cf1e6def878513a85f49a9119f09e53bcc8371ff5bc8f91474b67934773e3c6a7ad12c3778ffa3f2697
-
SSDEEP
3072:HSuZ00DVrF1rVcCPP+Tl6Ws5cUYTMExjHSTdMTfNlx35eRPG+79IwGrpc:J/2TAcZyOjNlri7Ww
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-