General
-
Target
9a407f1dc58acb822bb2b8d5624a2b54bf5d82697227ff4d9f6bf9ab27e6fb4a
-
Size
219KB
-
Sample
221125-h745xsec31
-
MD5
d95d210d5304cf1e18be535ab1ae1b86
-
SHA1
04768ff08239eb89477f6d4d92a399f6e74018cd
-
SHA256
9a407f1dc58acb822bb2b8d5624a2b54bf5d82697227ff4d9f6bf9ab27e6fb4a
-
SHA512
bdd0104de693b6d9fad43f760a34281a4fc00754a76ce6d5947a85ac796974069e6090cac9ee85e55a92a44d429013ce633b4c4ebfdbff722fc8399f90ae3d38
-
SSDEEP
3072:D538xVrxLIQ/j69ZAmqVFtVNhGKxZRGOFhhnbz/OWjuiQQhH9R:DV8xLIQ/j6TIZNhGWaOF33OWSkH9
Malware Config
Extracted
njrat
0.7d
Hacked
kissme1988.no-ip.biz:5552
dc57475995c921da5a2603cdc0101794
-
reg_key
dc57475995c921da5a2603cdc0101794
-
splitter
|'|'|
Targets
-
-
Target
9a407f1dc58acb822bb2b8d5624a2b54bf5d82697227ff4d9f6bf9ab27e6fb4a
-
Size
219KB
-
MD5
d95d210d5304cf1e18be535ab1ae1b86
-
SHA1
04768ff08239eb89477f6d4d92a399f6e74018cd
-
SHA256
9a407f1dc58acb822bb2b8d5624a2b54bf5d82697227ff4d9f6bf9ab27e6fb4a
-
SHA512
bdd0104de693b6d9fad43f760a34281a4fc00754a76ce6d5947a85ac796974069e6090cac9ee85e55a92a44d429013ce633b4c4ebfdbff722fc8399f90ae3d38
-
SSDEEP
3072:D538xVrxLIQ/j69ZAmqVFtVNhGKxZRGOFhhnbz/OWjuiQQhH9R:DV8xLIQ/j6TIZNhGWaOF33OWSkH9
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-