General
-
Target
18338bf825f684cce1d32efe4235a68a5e4e8ea45d0a24e4c7acd0d567f024a7.zip
-
Size
16KB
-
Sample
221130-jtylnaeb3y
-
MD5
9a06186e502ff7bd6c5726840a7986a5
-
SHA1
7479332da7e73401a0c1b74fb4e238ad0a37bd86
-
SHA256
bb275efe987656e50d442adbe6d0f155cad772ac17a071791d95e915967326b8
-
SHA512
4ea8d6742af10c4806ec391822696a0a0075be191b0136f135a911eba8dcd6255deaa39c183dc366030c5f5610fc4c2e6cc0544d2a8ffb2d46c0045ddc7a27f8
-
SSDEEP
384:QPMc3waVI9QxtrtT9nA4AGn2hhue3gOOh3s+02:QPdwDQxT9nAwUunOycg
Malware Config
Extracted
njrat
im523
HacKed 3losh
0.tcp.in.ngrok.io:15504
ced1621ea00a5a9e7d1eccb768e51a97
-
reg_key
ced1621ea00a5a9e7d1eccb768e51a97
-
splitter
|'|'|
Targets
-
-
Target
18338bf825f684cce1d32efe4235a68a5e4e8ea45d0a24e4c7acd0d567f024a7.exe
-
Size
37KB
-
MD5
482823e5ed50aa22827d8dc5b6cf0736
-
SHA1
6a9952352d63fe341317ddf811b097014ec3b4c7
-
SHA256
18338bf825f684cce1d32efe4235a68a5e4e8ea45d0a24e4c7acd0d567f024a7
-
SHA512
3d67b76bf5a2c5c0f80a59994f2ea2ce58a6517f14b11627987370de5695b53ecea1876bc61f155ec1064022fd362043a254ba90f573b49366461f611590c09b
-
SSDEEP
384:PSxcaCis//WRdL5kyc/p0P3XngacpMprAF+rMRTyN/0L+EcoinblneHQM3epzX84:6xcUD5nc/p0f1c8rM+rMRa8NuaIt
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-