General
-
Target
01ca4a511d01a6d2da296bcd886b5a7f12548eafafb3b7ee5c82f91b661bdae7
-
Size
23KB
-
Sample
221125-f9617ahe5v
-
MD5
6e349712611b6af9755a5621437c36f1
-
SHA1
77080fa8a1bbf71fb43ab843c8cb4aa9dcea098a
-
SHA256
01ca4a511d01a6d2da296bcd886b5a7f12548eafafb3b7ee5c82f91b661bdae7
-
SHA512
b2771778cae7d621858c4b4f4f1541f5b72f3beb5b882b8b5b6eaf128a50d6365c12b0dbb4e16fbb640801b8dc06f1ceaf4effcc304139aa3331cef30eb728db
-
SSDEEP
384:Hx1MKFYuEEhERvoBG16Xuy0MHNw6Tg1Y+75JTFmRvR6JZlbw8hqIusZzZsMU:Hx+W4V6+yDRpcnu2U
Malware Config
Extracted
njrat
0.7d
HK
nicedayforyou.ddns.net:3936
307e0729fd0c480ae867c3b39132f6b3
-
reg_key
307e0729fd0c480ae867c3b39132f6b3
-
splitter
|'|'|
Targets
-
-
Target
01ca4a511d01a6d2da296bcd886b5a7f12548eafafb3b7ee5c82f91b661bdae7
-
Size
23KB
-
MD5
6e349712611b6af9755a5621437c36f1
-
SHA1
77080fa8a1bbf71fb43ab843c8cb4aa9dcea098a
-
SHA256
01ca4a511d01a6d2da296bcd886b5a7f12548eafafb3b7ee5c82f91b661bdae7
-
SHA512
b2771778cae7d621858c4b4f4f1541f5b72f3beb5b882b8b5b6eaf128a50d6365c12b0dbb4e16fbb640801b8dc06f1ceaf4effcc304139aa3331cef30eb728db
-
SSDEEP
384:Hx1MKFYuEEhERvoBG16Xuy0MHNw6Tg1Y+75JTFmRvR6JZlbw8hqIusZzZsMU:Hx+W4V6+yDRpcnu2U
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-