General
-
Target
beb8d9619b3b016900226e8c797123b2710c82c9d8f1d20baecb0ffa089eb74c
-
Size
276KB
-
Sample
221125-v8e9eaga7v
-
MD5
2c6e1a9de503a7d08d02b6370501531b
-
SHA1
9e33bb585aa23045fb834c4023029c9ab4a28e99
-
SHA256
beb8d9619b3b016900226e8c797123b2710c82c9d8f1d20baecb0ffa089eb74c
-
SHA512
dad86e43844dbc0831886908d8e5bb30b1380c8733e4386671900409e73219b98988e40a04f0a90105e3e69f1e725794a26fe56436b4f40abd82b3b64f3d6ba3
-
SSDEEP
6144:6OBe0K5uUYVbcuKTlbGbpshywoul5K9x4FNADPETTEeLN:zbguGuwlbPhVlQINqVeLN
Malware Config
Extracted
njrat
0.7d
hunar83
farman33.no-ip.biz:5552
934765b6ad06834b303835a4e1d1d5a2
-
reg_key
934765b6ad06834b303835a4e1d1d5a2
-
splitter
|'|'|
Targets
-
-
Target
beb8d9619b3b016900226e8c797123b2710c82c9d8f1d20baecb0ffa089eb74c
-
Size
276KB
-
MD5
2c6e1a9de503a7d08d02b6370501531b
-
SHA1
9e33bb585aa23045fb834c4023029c9ab4a28e99
-
SHA256
beb8d9619b3b016900226e8c797123b2710c82c9d8f1d20baecb0ffa089eb74c
-
SHA512
dad86e43844dbc0831886908d8e5bb30b1380c8733e4386671900409e73219b98988e40a04f0a90105e3e69f1e725794a26fe56436b4f40abd82b3b64f3d6ba3
-
SSDEEP
6144:6OBe0K5uUYVbcuKTlbGbpshywoul5K9x4FNADPETTEeLN:zbguGuwlbPhVlQINqVeLN
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-