General
-
Target
72688d88b6bdfb4f04955ed75006045aacb9de6948060dfa5505ca78a63346c6
-
Size
23KB
-
Sample
221126-kl8x4aab5s
-
MD5
cdf92f91faf572cb725365d2735a9ddc
-
SHA1
52a34f5d356a0cfeb25e8f04b3daf18fd7c02780
-
SHA256
72688d88b6bdfb4f04955ed75006045aacb9de6948060dfa5505ca78a63346c6
-
SHA512
aebdb8ed07ea1c0861ad4254fe05cff9085aa23483a2a3c25205ae9e259d258a10ec63a57549bfe4ace7cb15091c7782512f6b9a6bb3999dc549aefeaab079c5
-
SSDEEP
384:34Q+SAN7uprgvM5OSUswZXg69gbm4hfpFmRvR6JZlbw8hqIusZzZJZ:vOaxVULRpcnuk
Behavioral task
behavioral1
Sample
72688d88b6bdfb4f04955ed75006045aacb9de6948060dfa5505ca78a63346c6.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
72688d88b6bdfb4f04955ed75006045aacb9de6948060dfa5505ca78a63346c6.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
Hackad
kingmalkawe8.no-ip.biz:1177
563dc7a986ccffe8ceee1dfeb426317e
-
reg_key
563dc7a986ccffe8ceee1dfeb426317e
-
splitter
|'|'|
Targets
-
-
Target
72688d88b6bdfb4f04955ed75006045aacb9de6948060dfa5505ca78a63346c6
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-