General
-
Target
c637382c266b87af51ee6c3b086b3e9acfa27cb83e0de7f457a07f5608cf63a1
-
Size
23KB
-
Sample
221125-3ez1qahe3y
-
MD5
d116ef4d72d1f18eb289c90f6cdacc25
-
SHA1
d489491a8abaa46f52becbc65b7c5281fb132a21
-
SHA256
c637382c266b87af51ee6c3b086b3e9acfa27cb83e0de7f457a07f5608cf63a1
-
SHA512
f923ce8efa7fe92815942f5aa61d40e40ff4323d6b6cfa46ab1db95a1bbb6e9479e969c419ae99367213d79f11b22f865e81e45938a3cb06462df1ac0b956db4
-
SSDEEP
384:7pslUlEvOEJ8xWwYJOMiOBZEdj1567gtwi5HhbQmRvR6JZlbw8hqIusZzZ1t:76eEvwIlLMRpcnus
Malware Config
Extracted
njrat
0.7d
HacKed
nahas.no-ip.org:200
93cd846be1ac2a1f71172fcb9325576b
-
reg_key
93cd846be1ac2a1f71172fcb9325576b
-
splitter
|'|'|
Targets
-
-
Target
c637382c266b87af51ee6c3b086b3e9acfa27cb83e0de7f457a07f5608cf63a1
-
Size
23KB
-
MD5
d116ef4d72d1f18eb289c90f6cdacc25
-
SHA1
d489491a8abaa46f52becbc65b7c5281fb132a21
-
SHA256
c637382c266b87af51ee6c3b086b3e9acfa27cb83e0de7f457a07f5608cf63a1
-
SHA512
f923ce8efa7fe92815942f5aa61d40e40ff4323d6b6cfa46ab1db95a1bbb6e9479e969c419ae99367213d79f11b22f865e81e45938a3cb06462df1ac0b956db4
-
SSDEEP
384:7pslUlEvOEJ8xWwYJOMiOBZEdj1567gtwi5HhbQmRvR6JZlbw8hqIusZzZ1t:76eEvwIlLMRpcnus
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-