General
-
Target
332fcdb473326bef8e0b5ee521dad16102b00e370d8398b418a1e95985b61cc6
-
Size
23KB
-
Sample
221126-kmhgjaab5z
-
MD5
8e79b6d1203f62e32b87a58f4768b08c
-
SHA1
627c9969d302863371d2ddcfbb1209b36a79e135
-
SHA256
332fcdb473326bef8e0b5ee521dad16102b00e370d8398b418a1e95985b61cc6
-
SHA512
479877a188731f5120a82c865f0b476fa2ce62012a5544364b305e3106d108ea1ef111e26366113bf2697a892dfe1b45b62b576a42aa7d5e6284f6eb0584c7e3
-
SSDEEP
384:zY324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZr7:cL2s+tRyRpcnuM
Malware Config
Extracted
njrat
0.7d
Bot
smuktnet.ddns.net:5552
d5bf5ee18952025404f8d39dc09f66a5
-
reg_key
d5bf5ee18952025404f8d39dc09f66a5
-
splitter
|'|'|
Targets
-
-
Target
332fcdb473326bef8e0b5ee521dad16102b00e370d8398b418a1e95985b61cc6
-
Size
23KB
-
MD5
8e79b6d1203f62e32b87a58f4768b08c
-
SHA1
627c9969d302863371d2ddcfbb1209b36a79e135
-
SHA256
332fcdb473326bef8e0b5ee521dad16102b00e370d8398b418a1e95985b61cc6
-
SHA512
479877a188731f5120a82c865f0b476fa2ce62012a5544364b305e3106d108ea1ef111e26366113bf2697a892dfe1b45b62b576a42aa7d5e6284f6eb0584c7e3
-
SSDEEP
384:zY324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZr7:cL2s+tRyRpcnuM
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-