General
-
Target
5f83d60717c1b6bd8c17a9180fcbdbe90fbe101b85e2647603551f5f5b79fc39
-
Size
29KB
-
Sample
221126-aafr3abd5x
-
MD5
28e6e183ad5e85c564b3c159cfce8bcf
-
SHA1
a5fcbdf62588ec083dbb819996698d525c71d972
-
SHA256
5f83d60717c1b6bd8c17a9180fcbdbe90fbe101b85e2647603551f5f5b79fc39
-
SHA512
01a39cb64692b6ba158371a4830f9c78e802cff91bb57b396d88a001b3a4a1b1d53535b719091661c072e9c458788100d85568a8b678d7c85742268f9879de17
-
SSDEEP
384:ZTUHEBl7p3hUw2s7hv55gEKemqDSqre/IDGBsbh0w4wlAokw9OhgOL1vYRGOZz/V:ZH7bUw2CtkEcqNreHBKh0p29SgRZL
Malware Config
Extracted
njrat
0.6.4
#OuT
unkdamas7.ddns.net:1177
12ce4e06a81e8d54fd01d9b762f1b1bb
-
reg_key
12ce4e06a81e8d54fd01d9b762f1b1bb
-
splitter
|'|'|
Targets
-
-
Target
5f83d60717c1b6bd8c17a9180fcbdbe90fbe101b85e2647603551f5f5b79fc39
-
Size
29KB
-
MD5
28e6e183ad5e85c564b3c159cfce8bcf
-
SHA1
a5fcbdf62588ec083dbb819996698d525c71d972
-
SHA256
5f83d60717c1b6bd8c17a9180fcbdbe90fbe101b85e2647603551f5f5b79fc39
-
SHA512
01a39cb64692b6ba158371a4830f9c78e802cff91bb57b396d88a001b3a4a1b1d53535b719091661c072e9c458788100d85568a8b678d7c85742268f9879de17
-
SSDEEP
384:ZTUHEBl7p3hUw2s7hv55gEKemqDSqre/IDGBsbh0w4wlAokw9OhgOL1vYRGOZz/V:ZH7bUw2CtkEcqNreHBKh0p29SgRZL
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-