General
-
Target
c9d944e5b381ba0475b88d52fa96b9d2690bbd3fa260aa24148625f024f2fc38
-
Size
29KB
-
Sample
221124-xzx4zagf9z
-
MD5
37c960b09fd5281ea1d11e799d98d5f0
-
SHA1
a33c6a07b4c38e0bf9850b501fd578292fe9bfe0
-
SHA256
c9d944e5b381ba0475b88d52fa96b9d2690bbd3fa260aa24148625f024f2fc38
-
SHA512
21cdf8680b7eb9518fc58aa9d55452cd549edc08790964da843986ed260afdcbf296061dfa0eb8f0e83122269c8786a5aa02d319e878327174e92165b0c8b478
-
SSDEEP
768:xUi71MHaSf0gsHwqIXeyBKh0p29SgR5H:x71miQBjKhG29j5H
Malware Config
Extracted
njrat
0.6.4
صالح كوباني vpn
freepage.sytes.net:1999
d5a38e9b5f206c41f8851bf04a251d26
-
reg_key
d5a38e9b5f206c41f8851bf04a251d26
-
splitter
|'|'|
Targets
-
-
Target
c9d944e5b381ba0475b88d52fa96b9d2690bbd3fa260aa24148625f024f2fc38
-
Size
29KB
-
MD5
37c960b09fd5281ea1d11e799d98d5f0
-
SHA1
a33c6a07b4c38e0bf9850b501fd578292fe9bfe0
-
SHA256
c9d944e5b381ba0475b88d52fa96b9d2690bbd3fa260aa24148625f024f2fc38
-
SHA512
21cdf8680b7eb9518fc58aa9d55452cd549edc08790964da843986ed260afdcbf296061dfa0eb8f0e83122269c8786a5aa02d319e878327174e92165b0c8b478
-
SSDEEP
768:xUi71MHaSf0gsHwqIXeyBKh0p29SgR5H:x71miQBjKhG29j5H
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-