General
-
Target
918262180108f962670a5b413a00e8ff193fe50873a176f68241960dc62480d4
-
Size
23KB
-
Sample
221126-kl5knsab4z
-
MD5
7195a553b760af0b64a685f8dea1900d
-
SHA1
6c50a8f5357135e7f738664bf633e8bbc2cbeee8
-
SHA256
918262180108f962670a5b413a00e8ff193fe50873a176f68241960dc62480d4
-
SHA512
d67c1a715182dfc4945a210e64a305f02b227d78adf5731601bb774ed62fe9b91b547ad2a8f9fd4d331ccba1d347590cb8812b2e9af83b785925e59ca3e616f9
-
SSDEEP
384:E4Q+SAN7uprgvM5OSUswZXg69gbm4hfpFmRvR6JZlbw8hqIusZzZ4dJ:GOaxVULRpcnut
Malware Config
Extracted
njrat
0.7d
hacke
yusifhacker123.no-ip.biz:5552
b5fa757354bbe4709ff7d91d5edc7795
-
reg_key
b5fa757354bbe4709ff7d91d5edc7795
-
splitter
|'|'|
Targets
-
-
Target
918262180108f962670a5b413a00e8ff193fe50873a176f68241960dc62480d4
-
Size
23KB
-
MD5
7195a553b760af0b64a685f8dea1900d
-
SHA1
6c50a8f5357135e7f738664bf633e8bbc2cbeee8
-
SHA256
918262180108f962670a5b413a00e8ff193fe50873a176f68241960dc62480d4
-
SHA512
d67c1a715182dfc4945a210e64a305f02b227d78adf5731601bb774ed62fe9b91b547ad2a8f9fd4d331ccba1d347590cb8812b2e9af83b785925e59ca3e616f9
-
SSDEEP
384:E4Q+SAN7uprgvM5OSUswZXg69gbm4hfpFmRvR6JZlbw8hqIusZzZ4dJ:GOaxVULRpcnut
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-