General
-
Target
76e0df2fd7d0dec532cee2f1d6f9ebe6d50f4b38bf96eaa86fbcc76322a24cb6
-
Size
29KB
-
Sample
221204-r9742add4s
-
MD5
159801309c916babcfe7f65684aa95c0
-
SHA1
91722c36d3802d661deb71d956a168cbbf291557
-
SHA256
76e0df2fd7d0dec532cee2f1d6f9ebe6d50f4b38bf96eaa86fbcc76322a24cb6
-
SHA512
e002be89fd1526655e971dcf80bbad43a992573a0b5250fc55a918723d79f71a5d69ea0dffe36173f1cb40032d6c37d6b2ddab3eddbd44e15f731848b81808b4
-
SSDEEP
384:nNgJGJl7tj1Msagab1h5Vh+2CWmqDebD59ePbGBsbh0w4wlAokw9OhgOL1vYRGOk:nd7nMsanzR+2cqEDveyBKh0p29SgRS5
Malware Config
Extracted
njrat
0.6.4
HacKed
ekhtouni.zapto.org:1177
60f0d0e0d2dd518d7530a18795742b3f
-
reg_key
60f0d0e0d2dd518d7530a18795742b3f
-
splitter
|'|'|
Targets
-
-
Target
76e0df2fd7d0dec532cee2f1d6f9ebe6d50f4b38bf96eaa86fbcc76322a24cb6
-
Size
29KB
-
MD5
159801309c916babcfe7f65684aa95c0
-
SHA1
91722c36d3802d661deb71d956a168cbbf291557
-
SHA256
76e0df2fd7d0dec532cee2f1d6f9ebe6d50f4b38bf96eaa86fbcc76322a24cb6
-
SHA512
e002be89fd1526655e971dcf80bbad43a992573a0b5250fc55a918723d79f71a5d69ea0dffe36173f1cb40032d6c37d6b2ddab3eddbd44e15f731848b81808b4
-
SSDEEP
384:nNgJGJl7tj1Msagab1h5Vh+2CWmqDebD59ePbGBsbh0w4wlAokw9OhgOL1vYRGOk:nd7nMsanzR+2cqEDveyBKh0p29SgRS5
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-