General

Target: eeb4d8700a4795e2b84f7ae509f1ce0e62b4f525e354a21f45c66425b11f3ba9
Size: 1003KB
Sample: 221127-avc7nsfh29
MD5: 7246a9eea074161e8ad973fd2906ed6e
SHA1: c204ca7a88601774f11e12daad47ec7d484e4e76
SHA256: eeb4d8700a4795e2b84f7ae509f1ce0e62b4f525e354a21f45c66425b11f3ba9
SHA512: 7af1a680c26d6074e4b9660de14d5d9249057d4a6c7beec146ce1297163277a2e2e3cc091afeca4e8633ffc0c734c11fc18a82f3b368c1bcac52ce85c7e7413f
SSDEEP: 24576:Z5VmxtbjHpREieEYWQh/NFnNSq2weE3/ld2pAgf:ZetbDpREieJWQh1FnNSUeE3/uDf
Static task: static1
Behavioral task: behavioral1
Sample: eeb4d8700a4795e2b84f7ae509f1ce0e62b4f525e354a21f45c66425b11f3ba9.exe
Resource: win7-20221111-en
Malware Config

Extracted
Family: njrat
Version: 0.7d
Botnet: HacKed
C2: fuckitup.duckdns.org:9500
Mutex: 0adadcdb5e6b6e26de0c7929b0a1d3d7
Attributes
reg_key: 0adadcdb5e6b6e26de0c7929b0a1d3d7
splitter: |'|'|
Targets

Target: eeb4d8700a4795e2b84f7ae509f1ce0e62b4f525e354a21f45c66425b11f3ba9
Size: 1003KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP for this target are identical to those listed under General.)
Signatures
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of SetThreadContext