General
-
Target
be22d5e9ea48f2203921a25ba6f779dd3cc6df5dc3243a49339f8f49c24d5cea
-
Size
23KB
-
Sample
221126-kmnzbaab6z
-
MD5
4b3b9a592e77049bb692bfbfdf8ad0ec
-
SHA1
e77309e3c690863cedb5c420c1d88f543bab600a
-
SHA256
be22d5e9ea48f2203921a25ba6f779dd3cc6df5dc3243a49339f8f49c24d5cea
-
SHA512
62cb4d1093cbd1d595ac9f5c4cc288d28b34ad2805b845dff221a79fa6429bea9e6561688b2da8860d6c2f76925380e8c2d8791864bccb09d74438fa705540c5
-
SSDEEP
384:lcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZMRm:m30py6vhxaRpcnuS
Malware Config
Extracted
njrat
0.7d
ViC
adelame.no-ip.biz:1607
7824fc81dc33eff15e8eb4a8c62346f9
-
reg_key
7824fc81dc33eff15e8eb4a8c62346f9
-
splitter
|'|'|
Targets
-
-
Target
be22d5e9ea48f2203921a25ba6f779dd3cc6df5dc3243a49339f8f49c24d5cea
-
Size
23KB
-
MD5
4b3b9a592e77049bb692bfbfdf8ad0ec
-
SHA1
e77309e3c690863cedb5c420c1d88f543bab600a
-
SHA256
be22d5e9ea48f2203921a25ba6f779dd3cc6df5dc3243a49339f8f49c24d5cea
-
SHA512
62cb4d1093cbd1d595ac9f5c4cc288d28b34ad2805b845dff221a79fa6429bea9e6561688b2da8860d6c2f76925380e8c2d8791864bccb09d74438fa705540c5
-
SSDEEP
384:lcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZMRm:m30py6vhxaRpcnuS
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-