General
-
Target
6f77e6bb5e73f2b3fb3c29e91fc396d7b534378e0d8ebbeba4d97dd776bf743e
-
Size
23KB
-
Sample
221126-pe7hxacd92
-
MD5
a30beb50f69d226d76c7d4c69b341b47
-
SHA1
ac5a3324495fd1fe88c7ef2e06a2567b90b8b9fb
-
SHA256
6f77e6bb5e73f2b3fb3c29e91fc396d7b534378e0d8ebbeba4d97dd776bf743e
-
SHA512
001e7cfdedc71cf8aa625b68c6b1f7f58bd029c99b47d7ea0d4ae09d82d529e106eafd26e2c6784b0f9e512642dc42914f9ddc52037bb88aaa89b9a76e607c32
-
SSDEEP
384:poWtkEwn65rgjAsGipk55D16xgXakhbZD0mRvR6JZlbw8hqIusZzZA3:+7O89p2rRpcnuZ
Malware Config
Extracted
njrat
0.7d
asd
shker.ddns.net:1177
82e3f507b111beb7b4c0adf2e82447ca
-
reg_key
82e3f507b111beb7b4c0adf2e82447ca
-
splitter
|'|'|
Targets
-
-
Target
6f77e6bb5e73f2b3fb3c29e91fc396d7b534378e0d8ebbeba4d97dd776bf743e
-
Size
23KB
-
MD5
a30beb50f69d226d76c7d4c69b341b47
-
SHA1
ac5a3324495fd1fe88c7ef2e06a2567b90b8b9fb
-
SHA256
6f77e6bb5e73f2b3fb3c29e91fc396d7b534378e0d8ebbeba4d97dd776bf743e
-
SHA512
001e7cfdedc71cf8aa625b68c6b1f7f58bd029c99b47d7ea0d4ae09d82d529e106eafd26e2c6784b0f9e512642dc42914f9ddc52037bb88aaa89b9a76e607c32
-
SSDEEP
384:poWtkEwn65rgjAsGipk55D16xgXakhbZD0mRvR6JZlbw8hqIusZzZA3:+7O89p2rRpcnuZ
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-