General
-
Target
bd77ef3186d1cfc0b89a834f742eee6efe99d8a4bc2dbec694fcfaff7c30a10f
-
Size
23KB
-
Sample
221126-kmdtcafb55
-
MD5
e0d58f00a4ef29afc8f4b9fab7730fa2
-
SHA1
e047c93a6d5911344efa3dc932b77ef6c140e2ed
-
SHA256
bd77ef3186d1cfc0b89a834f742eee6efe99d8a4bc2dbec694fcfaff7c30a10f
-
SHA512
5d55835123613de27c464bd555d333fe235ad957f67885bcab7304151414c49654317daaa3c1c864f5741c2c84b78d7bc84922f516baf5ea296840260e27f30e
-
SSDEEP
384:vY324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZ2d:4L2s+tRyRpcnuF
Malware Config
Extracted
njrat
0.7d
1
x-devil50099005.ddns.net:5552
65d6e46c64951a1a3fd770cfd09c2de9
-
reg_key
65d6e46c64951a1a3fd770cfd09c2de9
-
splitter
|'|'|
Targets
-
-
Target
bd77ef3186d1cfc0b89a834f742eee6efe99d8a4bc2dbec694fcfaff7c30a10f
-
Size
23KB
-
MD5
e0d58f00a4ef29afc8f4b9fab7730fa2
-
SHA1
e047c93a6d5911344efa3dc932b77ef6c140e2ed
-
SHA256
bd77ef3186d1cfc0b89a834f742eee6efe99d8a4bc2dbec694fcfaff7c30a10f
-
SHA512
5d55835123613de27c464bd555d333fe235ad957f67885bcab7304151414c49654317daaa3c1c864f5741c2c84b78d7bc84922f516baf5ea296840260e27f30e
-
SSDEEP
384:vY324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZ2d:4L2s+tRyRpcnuF
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-