General
-
Target
fa51b3f9f7dbd2afa4304c46a4510130cd40a28add2532d722b543bf864f5e48
-
Size
29KB
-
Sample
221125-24c2tage8w
-
MD5
805308c8764c6580933c60d75d82ee5b
-
SHA1
b8c516f232d0e2929414f7de05303fed1e5c1b0f
-
SHA256
fa51b3f9f7dbd2afa4304c46a4510130cd40a28add2532d722b543bf864f5e48
-
SHA512
594f3d646b3aff93554df05c3af41f2f4da3c32cf2fa0740a00d6d32968bb0972226f9789c8925034a65bcd987702d8a2e086a7474274ce120503d9d968e44cf
-
SSDEEP
384:1UHEBl7p3hUw2s7bD55gEKemqDSqre/IDGBsbh0w4wlAokw9OhgOL1vYRGOZzeZu:p7bUw2C3kEcqNreHBKh0p29SgRIu
Malware Config
Extracted
njrat
0.6.4
HacKed
ahyatezy15.no-ip.biz:1177
7c5ab2d4b3ee0e1b3e9cf876e75dff1f
-
reg_key
7c5ab2d4b3ee0e1b3e9cf876e75dff1f
-
splitter
|'|'|
Targets
-
-
Target
fa51b3f9f7dbd2afa4304c46a4510130cd40a28add2532d722b543bf864f5e48
-
Size
29KB
-
MD5
805308c8764c6580933c60d75d82ee5b
-
SHA1
b8c516f232d0e2929414f7de05303fed1e5c1b0f
-
SHA256
fa51b3f9f7dbd2afa4304c46a4510130cd40a28add2532d722b543bf864f5e48
-
SHA512
594f3d646b3aff93554df05c3af41f2f4da3c32cf2fa0740a00d6d32968bb0972226f9789c8925034a65bcd987702d8a2e086a7474274ce120503d9d968e44cf
-
SSDEEP
384:1UHEBl7p3hUw2s7bD55gEKemqDSqre/IDGBsbh0w4wlAokw9OhgOL1vYRGOZzeZu:p7bUw2C3kEcqNreHBKh0p29SgRIu
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-