General
-
Target
60d1b5788fba05133d3cc74cb4f37833b4d3099b.exe
-
Size
552KB
-
Sample
221130-lchj8aba61
-
MD5
de0b39e21d4e5847b3cb5169e3906b9c
-
SHA1
60d1b5788fba05133d3cc74cb4f37833b4d3099b
-
SHA256
d7d0bc493a595023fe6ad9f55afea962fc4c56914b1dff3cffb076b519eb871d
-
SHA512
14f3c5f388c669f3541b714425575a31550cb2d9df493cd7dd099179b81908f920d941e62d899ca0334d536b23e2142b32f416419511239d72915e209a8841b2
-
SSDEEP
12288:jYV6MorX7qzuC3QHO9FQVHPF51jgclZk1cXjn3tV:gBXu9HGaVHl61cz3tV
Malware Config
Extracted
njrat
05-05
686ad7b41c3e0813b292ed03c5ac4666
-
reg_key
686ad7b41c3e0813b292ed03c5ac4666
Targets
-
-
Target
60d1b5788fba05133d3cc74cb4f37833b4d3099b.exe
-
Size
552KB
-
MD5
de0b39e21d4e5847b3cb5169e3906b9c
-
SHA1
60d1b5788fba05133d3cc74cb4f37833b4d3099b
-
SHA256
d7d0bc493a595023fe6ad9f55afea962fc4c56914b1dff3cffb076b519eb871d
-
SHA512
14f3c5f388c669f3541b714425575a31550cb2d9df493cd7dd099179b81908f920d941e62d899ca0334d536b23e2142b32f416419511239d72915e209a8841b2
-
SSDEEP
12288:jYV6MorX7qzuC3QHO9FQVHPF51jgclZk1cXjn3tV:gBXu9HGaVHl61cz3tV
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops startup file
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-