General
-
Target
af10e85ad8c18003326d07c577ec58478468b43aa4bf83d72c4bf9b7a93920a7
-
Size
219KB
-
Sample
221125-h3nmdadh3v
-
MD5
7e5832ee111b5d0b49d798470329a27a
-
SHA1
8a1b7a3b77a860a49912534304c2588fbd4ecc3a
-
SHA256
af10e85ad8c18003326d07c577ec58478468b43aa4bf83d72c4bf9b7a93920a7
-
SHA512
931163fdaf0c38149471cb2f086c1235fb13d072f461f51dafa87ec11370ef950389f218c9a0b26626eb3e5dd73d9a3188b63854f9f42a7af9ef664d6c416d32
-
SSDEEP
6144:8V8xLIQ/j6TIZNhGWaOF33OWSk4zKMToEUERvfQ4/B:woMHUHKOxO+4zKM8EUcH/
Malware Config
Extracted
njrat
0.7d
Hacked
kissme1988.no-ip.biz:5552
dc57475995c921da5a2603cdc0101794
-
reg_key
dc57475995c921da5a2603cdc0101794
-
splitter
|'|'|
Targets
-
-
Target
af10e85ad8c18003326d07c577ec58478468b43aa4bf83d72c4bf9b7a93920a7
-
Size
219KB
-
MD5
7e5832ee111b5d0b49d798470329a27a
-
SHA1
8a1b7a3b77a860a49912534304c2588fbd4ecc3a
-
SHA256
af10e85ad8c18003326d07c577ec58478468b43aa4bf83d72c4bf9b7a93920a7
-
SHA512
931163fdaf0c38149471cb2f086c1235fb13d072f461f51dafa87ec11370ef950389f218c9a0b26626eb3e5dd73d9a3188b63854f9f42a7af9ef664d6c416d32
-
SSDEEP
6144:8V8xLIQ/j6TIZNhGWaOF33OWSk4zKMToEUERvfQ4/B:woMHUHKOxO+4zKM8EUcH/
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-