General
-
Target
afb23d4f75a2bd651483ba8fd262615695444ad9e7c23a6221dfda615f724fab
-
Size
29KB
-
Sample
221204-r982bshg84
-
MD5
5849d6d068ef8883de4586145fef8170
-
SHA1
c8ebd1f40a31ac0e5a93189159651cd9dc7d00a4
-
SHA256
afb23d4f75a2bd651483ba8fd262615695444ad9e7c23a6221dfda615f724fab
-
SHA512
1a855891ef73b2c81630b5295acd9105c4056c125fac2f56c17ed5708d2a2afa21fca30d2635b6a81bb1fe2ac52481becd7f9437558ca56eb26119b05d173b86
-
SSDEEP
768:xQv/27NYsDkfZPoIqlHepBKh0p29SgR5U:Sm7N143wEKhG29j5U
Malware Config
Extracted
njrat
0.6.4
HacKed
arbil.sytes.net:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
afb23d4f75a2bd651483ba8fd262615695444ad9e7c23a6221dfda615f724fab
-
Size
29KB
-
MD5
5849d6d068ef8883de4586145fef8170
-
SHA1
c8ebd1f40a31ac0e5a93189159651cd9dc7d00a4
-
SHA256
afb23d4f75a2bd651483ba8fd262615695444ad9e7c23a6221dfda615f724fab
-
SHA512
1a855891ef73b2c81630b5295acd9105c4056c125fac2f56c17ed5708d2a2afa21fca30d2635b6a81bb1fe2ac52481becd7f9437558ca56eb26119b05d173b86
-
SSDEEP
768:xQv/27NYsDkfZPoIqlHepBKh0p29SgR5U:Sm7N143wEKhG29j5U
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-