General
-
Target
151f1e943b65d61b4243cc03061ec7c2f9be074008d1e987e4246f3f3699cb57
-
Size
416KB
-
Sample
221128-xk3e5sda2y
-
MD5
83771882f3cadc168a06c5900c89a2fa
-
SHA1
ddaa5ba0394fa2dd41806c30aab9dcedcab3c856
-
SHA256
151f1e943b65d61b4243cc03061ec7c2f9be074008d1e987e4246f3f3699cb57
-
SHA512
4b54b280d74ef1fabe0fa1bb3444650570517b6a8079371794b6cb0ab077d2eb7c7bf0c080799d1338568ea690c51cafd071dbb3cf7afd30ed6da25f85a81ced
-
SSDEEP
6144:/V6JHMBmCeHXBzVdwvuePgSRDooIOq0gkiYpQ/:/cGoZeISRMmYYp
Malware Config
Extracted
njrat
0.7d
HacKed
aloneone91.hopper.pw:1991
5f5756082ee9ac1134f0cd5572ac803a
-
reg_key
5f5756082ee9ac1134f0cd5572ac803a
-
splitter
|'|'|
Targets
-
-
Target
151f1e943b65d61b4243cc03061ec7c2f9be074008d1e987e4246f3f3699cb57
-
Size
416KB
-
MD5
83771882f3cadc168a06c5900c89a2fa
-
SHA1
ddaa5ba0394fa2dd41806c30aab9dcedcab3c856
-
SHA256
151f1e943b65d61b4243cc03061ec7c2f9be074008d1e987e4246f3f3699cb57
-
SHA512
4b54b280d74ef1fabe0fa1bb3444650570517b6a8079371794b6cb0ab077d2eb7c7bf0c080799d1338568ea690c51cafd071dbb3cf7afd30ed6da25f85a81ced
-
SSDEEP
6144:/V6JHMBmCeHXBzVdwvuePgSRDooIOq0gkiYpQ/:/cGoZeISRMmYYp
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-