General
-
Target
77acbe378169fbbdd6d1d8b456f58b9452aebe2cb55511103047afcc47ec0b73
-
Size
29KB
-
Sample
221125-jgx5cseh9w
-
MD5
dba468345f78e9f5e972aed6b33d055b
-
SHA1
5661659f423804d082d5d018a8d050e09c146354
-
SHA256
77acbe378169fbbdd6d1d8b456f58b9452aebe2cb55511103047afcc47ec0b73
-
SHA512
852d5f15e831d247b02f4fc2292c150d5597cddc2ee620a1f918782d30066979775ded56e2aaa3694a6ddc723afc7c568ff7cb3f6e7c37822cb81eb6fa50a2c6
-
SSDEEP
384:VSItl77FDFucYfKQCcvVt5Th3iOmqD8lTeY6GBsbh0w4wlAokw9OhgOL1vYRGOZy:D77ucYfKQT7z3sq4TewBKh0p29SgRnW
Malware Config
Extracted
njrat
0.6.4
HacKed
danamuhammad12.no-ip.org:1177
dae31c02cb06222e776b9ccb9207edb1
-
reg_key
dae31c02cb06222e776b9ccb9207edb1
-
splitter
|'|'|
Targets
-
-
Target
77acbe378169fbbdd6d1d8b456f58b9452aebe2cb55511103047afcc47ec0b73
-
Size
29KB
-
MD5
dba468345f78e9f5e972aed6b33d055b
-
SHA1
5661659f423804d082d5d018a8d050e09c146354
-
SHA256
77acbe378169fbbdd6d1d8b456f58b9452aebe2cb55511103047afcc47ec0b73
-
SHA512
852d5f15e831d247b02f4fc2292c150d5597cddc2ee620a1f918782d30066979775ded56e2aaa3694a6ddc723afc7c568ff7cb3f6e7c37822cb81eb6fa50a2c6
-
SSDEEP
384:VSItl77FDFucYfKQCcvVt5Th3iOmqD8lTeY6GBsbh0w4wlAokw9OhgOL1vYRGOZy:D77ucYfKQT7z3sq4TewBKh0p29SgRnW
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-