General
-
Target
568097c7465680d1fcede9788b1226266b28f86522cc8630d1f7bedb2c84f8f4
-
Size
54KB
-
Sample
221127-t64csafg8y
-
MD5
828c84060984c00605ac9c89d83dff71
-
SHA1
eee2dfa35ef74d9d27dfd2bc7d0d45f5f5e85c1a
-
SHA256
568097c7465680d1fcede9788b1226266b28f86522cc8630d1f7bedb2c84f8f4
-
SHA512
2caa482833ef4fc50217d6276fd52aebd6d102a3410fc3c41280e170ca38e87258761f710ab34a2114373506fb1751a9c501ad404e89405d01794fdef7a72d4e
-
SSDEEP
768:Pn2MHF3lFdS7kxStmaiTrM+rMRa8NugPtQvViHqcCr:PnpF3lPS4xStEs+gRJNX0Dxr
Malware Config
Extracted
njrat
im523
Ratatouille
nndmb-42891.portmap.host:42891
cd82c2cc4ef9f6cee6f8aa9412365ea4
-
reg_key
cd82c2cc4ef9f6cee6f8aa9412365ea4
-
splitter
|'|'|
Targets
-
-
Target
568097c7465680d1fcede9788b1226266b28f86522cc8630d1f7bedb2c84f8f4
-
Size
54KB
-
MD5
828c84060984c00605ac9c89d83dff71
-
SHA1
eee2dfa35ef74d9d27dfd2bc7d0d45f5f5e85c1a
-
SHA256
568097c7465680d1fcede9788b1226266b28f86522cc8630d1f7bedb2c84f8f4
-
SHA512
2caa482833ef4fc50217d6276fd52aebd6d102a3410fc3c41280e170ca38e87258761f710ab34a2114373506fb1751a9c501ad404e89405d01794fdef7a72d4e
-
SSDEEP
768:Pn2MHF3lFdS7kxStmaiTrM+rMRa8NugPtQvViHqcCr:PnpF3lPS4xStEs+gRJNX0Dxr
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-