General
-
Target
fbc4b882917394844a749fc62963f8e270bd474fc6df8775a320d83d68764418
-
Size
29KB
-
Sample
221126-klm1maab2y
-
MD5
ca96dd9386e1d0197a068b229d039728
-
SHA1
3fd6e49fae0c2377431dc555dc762acc2e859e58
-
SHA256
fbc4b882917394844a749fc62963f8e270bd474fc6df8775a320d83d68764418
-
SHA512
d517ca5d1c93bd87de81909b50d5a30d33940f040478fb7b3cc99f6a5a2aefdaeb1fb55654b4f1c136d070d33665a689490eb1dde081d1788208759015c2f329
-
SSDEEP
384:GwIpl79TbsiKQ17H5FoQriWmqDGbLTecEGBsbh0w4wlAokw9OhgOL1vYRGOZzWZS:G7tsiKojBr8q63TeWBKh0p29SgRwS
Malware Config
Extracted
njrat
0.6.4
HacKed
adamkhattab.no-ip.biz:1177
cd9e051ed80df1a0c0b000059793bab8
-
reg_key
cd9e051ed80df1a0c0b000059793bab8
-
splitter
|'|'|
Targets
-
-
Target
fbc4b882917394844a749fc62963f8e270bd474fc6df8775a320d83d68764418
-
Size
29KB
-
MD5
ca96dd9386e1d0197a068b229d039728
-
SHA1
3fd6e49fae0c2377431dc555dc762acc2e859e58
-
SHA256
fbc4b882917394844a749fc62963f8e270bd474fc6df8775a320d83d68764418
-
SHA512
d517ca5d1c93bd87de81909b50d5a30d33940f040478fb7b3cc99f6a5a2aefdaeb1fb55654b4f1c136d070d33665a689490eb1dde081d1788208759015c2f329
-
SSDEEP
384:GwIpl79TbsiKQ17H5FoQriWmqDGbLTecEGBsbh0w4wlAokw9OhgOL1vYRGOZzWZS:G7tsiKojBr8q63TeWBKh0p29SgRwS
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-