General
-
Target
9ce152d52a75e3638c7b6f2f5203bb83dd7459ccb4dfc31fa69d8a55381fbf2e
-
Size
49KB
-
Sample
221127-mlr1paae64
-
MD5
0b501df18e007b62d5547315e78c966c
-
SHA1
bbb6b8207e9d4abea8b185ee1e8109c49f32e529
-
SHA256
9ce152d52a75e3638c7b6f2f5203bb83dd7459ccb4dfc31fa69d8a55381fbf2e
-
SHA512
aad4711d44ee2fecfca593e96c2629cc92a55d0ba2ba4f90c39eddcc13aafbc01a19dbdecd3cd56881b186f73fcab5f1c538afa0645ab0ba51f413b98ba4d908
-
SSDEEP
768:ipe4Aaa6S8Xctg05Is64ifwIbPP+S4DXNNE5Hsic2Gu7UyP24tPuR4bk8pPMEDtz:ipe4ta8XgIxBPmHTE5xe0YR7ckKNn
Malware Config
Extracted
njrat
0.7d
HacKed
3arabi.ddns.net:1177
91876f55cd38de2882ec1620e4d8c699
-
reg_key
91876f55cd38de2882ec1620e4d8c699
-
splitter
|'|'|
Targets
-
-
Target
9ce152d52a75e3638c7b6f2f5203bb83dd7459ccb4dfc31fa69d8a55381fbf2e
-
Size
49KB
-
MD5
0b501df18e007b62d5547315e78c966c
-
SHA1
bbb6b8207e9d4abea8b185ee1e8109c49f32e529
-
SHA256
9ce152d52a75e3638c7b6f2f5203bb83dd7459ccb4dfc31fa69d8a55381fbf2e
-
SHA512
aad4711d44ee2fecfca593e96c2629cc92a55d0ba2ba4f90c39eddcc13aafbc01a19dbdecd3cd56881b186f73fcab5f1c538afa0645ab0ba51f413b98ba4d908
-
SSDEEP
768:ipe4Aaa6S8Xctg05Is64ifwIbPP+S4DXNNE5Hsic2Gu7UyP24tPuR4bk8pPMEDtz:ipe4ta8XgIxBPmHTE5xe0YR7ckKNn
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-