General
-
Target
e36766cb435fd0eea2d5b2ec5052030d9fd3b1e470d5ca26844ba99a43dfe680
-
Size
23KB
-
Sample
221126-kmmfgsab6w
-
MD5
ddf135f90d6bde9ffd92e504adae16dd
-
SHA1
b25519d342d3e08ae52b58828aeaaafd64163249
-
SHA256
e36766cb435fd0eea2d5b2ec5052030d9fd3b1e470d5ca26844ba99a43dfe680
-
SHA512
a5d4b8fef10ecc62a37e5246ec9d5df481935b9dbd7dce4519162b3cb7ebc081ba2134c470f0a4018a975048107a2a40092d09c38687829e94be47f63790119e
-
SSDEEP
384:dcqbCK0l4h7o9SVyDGvENuh46JgJkOmMSW38mRvR6JZlbw8hqIusZzZMRg:O30py6vnxaRpcnuU
Malware Config
Extracted
njrat
0.7d
ViC
adelame.no-ip.biz:1607
7824fc81dc33eff15e8eb4a8c62346f9
-
reg_key
7824fc81dc33eff15e8eb4a8c62346f9
-
splitter
|'|'|
Targets
-
-
Target
e36766cb435fd0eea2d5b2ec5052030d9fd3b1e470d5ca26844ba99a43dfe680
-
Size
23KB
-
MD5
ddf135f90d6bde9ffd92e504adae16dd
-
SHA1
b25519d342d3e08ae52b58828aeaaafd64163249
-
SHA256
e36766cb435fd0eea2d5b2ec5052030d9fd3b1e470d5ca26844ba99a43dfe680
-
SHA512
a5d4b8fef10ecc62a37e5246ec9d5df481935b9dbd7dce4519162b3cb7ebc081ba2134c470f0a4018a975048107a2a40092d09c38687829e94be47f63790119e
-
SSDEEP
384:dcqbCK0l4h7o9SVyDGvENuh46JgJkOmMSW38mRvR6JZlbw8hqIusZzZMRg:O30py6vnxaRpcnuU
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-