General
-
Target
d7bb2d4aa5180fea7d4d83ead4c1b58e7ba57b02166b94c2581391a43b2ba279
-
Size
873KB
-
Sample
221128-spvtmsgh8z
-
MD5
592d7e07011a75a47ad84b4a0054222a
-
SHA1
a1e0f2ac27f6e9e749061b7070620c549b3769f2
-
SHA256
d7bb2d4aa5180fea7d4d83ead4c1b58e7ba57b02166b94c2581391a43b2ba279
-
SHA512
cc8ae98b0fa0a46c10c71676007738ddd5867f6beb9ba0e748b7907a508b5f719014e4c4855f72ff5f15808f286daf17c5853134a432b5d4715f0502af5de0fc
-
SSDEEP
12288:Ztb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSga1lSOD6A:Ztb20pkaCqT5TBWgNQ7aXSOD6A
Malware Config
Extracted
njrat
0.7d
Em
markben390.no-ip.org:1337
9fef715de4fae73de5b4a6c7f69fe158
-
reg_key
9fef715de4fae73de5b4a6c7f69fe158
-
splitter
|'|'|
Targets
-
-
Target
d7bb2d4aa5180fea7d4d83ead4c1b58e7ba57b02166b94c2581391a43b2ba279
-
Size
873KB
-
MD5
592d7e07011a75a47ad84b4a0054222a
-
SHA1
a1e0f2ac27f6e9e749061b7070620c549b3769f2
-
SHA256
d7bb2d4aa5180fea7d4d83ead4c1b58e7ba57b02166b94c2581391a43b2ba279
-
SHA512
cc8ae98b0fa0a46c10c71676007738ddd5867f6beb9ba0e748b7907a508b5f719014e4c4855f72ff5f15808f286daf17c5853134a432b5d4715f0502af5de0fc
-
SSDEEP
12288:Ztb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSga1lSOD6A:Ztb20pkaCqT5TBWgNQ7aXSOD6A
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Detected potential entity reuse from brand microsoft.
-
Suspicious use of SetThreadContext
-