General
-
Target
10c97c414af76200d7215e5eba75ea1f983198157774a2cb7e8b8a3038a9375a
-
Size
23KB
-
Sample
221128-wn8wnaac7z
-
MD5
dc0f4c63ba49fd208db4e6c868bb530c
-
SHA1
7860145ad7f292917fd1f46483613959b7a8bbb1
-
SHA256
10c97c414af76200d7215e5eba75ea1f983198157774a2cb7e8b8a3038a9375a
-
SHA512
69a91aaf997dfd8d25de0b5690153c0bc39235b4e5cdd2c8e0b80af0de6fdc2a216714041850fb3c90db9aa90ac3c115681e2fa09858b06954de9a74c4ee1b49
-
SSDEEP
384:bMK6b2GZsx/Yr1+liORH1kcPFQ6Lg9gSOYRr9mRvR6JZlbw8hqIusZzZOVk:0b9glF51LRpcnuz+
Malware Config
Extracted
njrat
0.7d
-
updaterwindows.ddns.net:4655
e1101ea9134f28753126871032e4d25e
-
reg_key
e1101ea9134f28753126871032e4d25e
-
splitter
|'|'|
Targets
-
-
Target
10c97c414af76200d7215e5eba75ea1f983198157774a2cb7e8b8a3038a9375a
-
Size
23KB
-
MD5
dc0f4c63ba49fd208db4e6c868bb530c
-
SHA1
7860145ad7f292917fd1f46483613959b7a8bbb1
-
SHA256
10c97c414af76200d7215e5eba75ea1f983198157774a2cb7e8b8a3038a9375a
-
SHA512
69a91aaf997dfd8d25de0b5690153c0bc39235b4e5cdd2c8e0b80af0de6fdc2a216714041850fb3c90db9aa90ac3c115681e2fa09858b06954de9a74c4ee1b49
-
SSDEEP
384:bMK6b2GZsx/Yr1+liORH1kcPFQ6Lg9gSOYRr9mRvR6JZlbw8hqIusZzZOVk:0b9glF51LRpcnuz+
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-