General
-
Target
f2ed55cb985dc9394ae8460794150ddde3c2d1260945db5be187e4c8fd14e5a3
-
Size
852KB
-
Sample
221128-wtvwzsaf9v
-
MD5
9316bd73a66f56b9f4f64e34d0467e8d
-
SHA1
aeadf91b918546388e1a0995a29d09cf1ae766a7
-
SHA256
f2ed55cb985dc9394ae8460794150ddde3c2d1260945db5be187e4c8fd14e5a3
-
SHA512
1eb2535f2c6bf4b71fcd0efa345b9b04b5d77f391762967243282cb4908de4b67a05d8101e07bbc26fe66997169aec3beb0e3133a94e9b65a2e95f8077c4fb7b
-
SSDEEP
12288:zK2mhAMJ/cPl+tIQYVc5LWAg6rY9geN8h7UZYE82Y5UKUL4n4y3Xp3SbSl8g:22O/Gl+TnJW1h67g6zwm4m53Sb28g
Malware Config
Extracted
njrat
0.7d
BILLY
yorkiepet.ddns.net:770
76a35d262af152d236ee0f24e2916b15
-
reg_key
76a35d262af152d236ee0f24e2916b15
-
splitter
|'|'|
Targets
-
-
Target
f2ed55cb985dc9394ae8460794150ddde3c2d1260945db5be187e4c8fd14e5a3
-
Size
852KB
-
MD5
9316bd73a66f56b9f4f64e34d0467e8d
-
SHA1
aeadf91b918546388e1a0995a29d09cf1ae766a7
-
SHA256
f2ed55cb985dc9394ae8460794150ddde3c2d1260945db5be187e4c8fd14e5a3
-
SHA512
1eb2535f2c6bf4b71fcd0efa345b9b04b5d77f391762967243282cb4908de4b67a05d8101e07bbc26fe66997169aec3beb0e3133a94e9b65a2e95f8077c4fb7b
-
SSDEEP
12288:zK2mhAMJ/cPl+tIQYVc5LWAg6rY9geN8h7UZYE82Y5UKUL4n4y3Xp3SbSl8g:22O/Gl+TnJW1h67g6zwm4m53Sb28g
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-