General
-
Target
1bbdff5a19a1e5d6b99e614c3ac5e91d865437553c255758a63eb48047e8d05e
-
Size
565KB
-
Sample
221125-exewhaba45
-
MD5
2dd799f19beed0c4ca1fe6890072ed49
-
SHA1
1ab76b72bb1de7284c4e980444867876ce90bc0b
-
SHA256
1bbdff5a19a1e5d6b99e614c3ac5e91d865437553c255758a63eb48047e8d05e
-
SHA512
1cd011696cf22598c76733d51feec134aa665bd3ab12f4c04e94db8cd672395d904822a1f1f6dfe039c99400f7a428ed7e6c759f4da883a60e2269478f39aa51
-
SSDEEP
12288:f5MhBkgAFOgCCCOsvFYCCCCfCOVBIs1gFheDiwlln/mg6eZA/+x/joyMEq:fFFOgCCCkCCCCfCqBRSFkZ1/mgF1WyML
Malware Config
Extracted
njrat
0.6.4
تنم
asel1996.no-ip.biz:1177
d5a38e9b5f206c41f8851bf04a251d26
-
reg_key
d5a38e9b5f206c41f8851bf04a251d26
-
splitter
|'|'|
Targets
-
-
Target
1bbdff5a19a1e5d6b99e614c3ac5e91d865437553c255758a63eb48047e8d05e
-
Size
565KB
-
MD5
2dd799f19beed0c4ca1fe6890072ed49
-
SHA1
1ab76b72bb1de7284c4e980444867876ce90bc0b
-
SHA256
1bbdff5a19a1e5d6b99e614c3ac5e91d865437553c255758a63eb48047e8d05e
-
SHA512
1cd011696cf22598c76733d51feec134aa665bd3ab12f4c04e94db8cd672395d904822a1f1f6dfe039c99400f7a428ed7e6c759f4da883a60e2269478f39aa51
-
SSDEEP
12288:f5MhBkgAFOgCCCOsvFYCCCCfCOVBIs1gFheDiwlln/mg6eZA/+x/joyMEq:fFFOgCCCkCCCCfCqBRSFkZ1/mgF1WyML
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-