General
-
Target
d3d55145b725f30b6b3c7cff500b0fcb2f1d2c00ef43dbdc1f81a905b7eff8e4
-
Size
3.4MB
-
Sample
221130-xxb4qaga83
-
MD5
7ef0468daf64cf55ea84b641ff713ddd
-
SHA1
1ec21e9e638947a8ed183d00dfab72e0d1127331
-
SHA256
d3d55145b725f30b6b3c7cff500b0fcb2f1d2c00ef43dbdc1f81a905b7eff8e4
-
SHA512
46d2ee7efdd263a2bdc3747f725ee1e2c58dfcce2ad3a0f9c4c4ec754c3b9ff2bf0e9f6be7172a3b06975783069caf3d9d0fb18d11b30037c7aa91baaf0a01dd
-
SSDEEP
98304:Nviz/27qWGq/TzuqCDl2Ptao7jjUUYW3N5:Nviq75/TzufKnN5
Malware Config
Extracted
njrat
im523
?
stallkermonolit9.ddns.net:6522
2090a55760d1c98654faa55422bdd11b
-
reg_key
2090a55760d1c98654faa55422bdd11b
-
splitter
|'|'|
Targets
-
-
Target
d3d55145b725f30b6b3c7cff500b0fcb2f1d2c00ef43dbdc1f81a905b7eff8e4
-
Size
3.4MB
-
MD5
7ef0468daf64cf55ea84b641ff713ddd
-
SHA1
1ec21e9e638947a8ed183d00dfab72e0d1127331
-
SHA256
d3d55145b725f30b6b3c7cff500b0fcb2f1d2c00ef43dbdc1f81a905b7eff8e4
-
SHA512
46d2ee7efdd263a2bdc3747f725ee1e2c58dfcce2ad3a0f9c4c4ec754c3b9ff2bf0e9f6be7172a3b06975783069caf3d9d0fb18d11b30037c7aa91baaf0a01dd
-
SSDEEP
98304:Nviz/27qWGq/TzuqCDl2Ptao7jjUUYW3N5:Nviq75/TzufKnN5
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-