General
-
Target
1515a653cfb925cfe8f7ea807a1a8a489a006adf19d13fb2af66a6b55875025e
-
Size
60KB
-
Sample
221126-3rva1ahb2x
-
MD5
b8a2d681b4c737c9b64e222646764b08
-
SHA1
c7ff9591bf47445b519a1a8abfb09280770bfaf8
-
SHA256
1515a653cfb925cfe8f7ea807a1a8a489a006adf19d13fb2af66a6b55875025e
-
SHA512
670fe83239aafeab5587220bc4c0c8d3ab6b3febb5c628bde6e9b7f97146fbced4a2bbd17a9b839bf9463392a07c9a6f7ec4a8ac7c487b67cef6f8c66394dcd9
-
SSDEEP
768:0NXVaC+4E9GzY3rgXGFF3q2Bum10aN+zQCHXdTDpFg557jiPxJs:0NXVaC+h9GzYcIF62B5LN2QEfeCk
Malware Config
Extracted
njrat
0.7d
Zombie
174.127.99.136:1604
98927efe1593653ae47d7e39110231c3
-
reg_key
98927efe1593653ae47d7e39110231c3
-
splitter
|'|'|
Targets
-
-
Target
1515a653cfb925cfe8f7ea807a1a8a489a006adf19d13fb2af66a6b55875025e
-
Size
60KB
-
MD5
b8a2d681b4c737c9b64e222646764b08
-
SHA1
c7ff9591bf47445b519a1a8abfb09280770bfaf8
-
SHA256
1515a653cfb925cfe8f7ea807a1a8a489a006adf19d13fb2af66a6b55875025e
-
SHA512
670fe83239aafeab5587220bc4c0c8d3ab6b3febb5c628bde6e9b7f97146fbced4a2bbd17a9b839bf9463392a07c9a6f7ec4a8ac7c487b67cef6f8c66394dcd9
-
SSDEEP
768:0NXVaC+4E9GzY3rgXGFF3q2Bum10aN+zQCHXdTDpFg557jiPxJs:0NXVaC+h9GzYcIF62B5LN2QEfeCk
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-