General
-
Target
b94ea2a4ba60943be5abe2b11ede9442.exe
-
Size
37KB
-
Sample
221205-gqwlsaga4v
-
MD5
b94ea2a4ba60943be5abe2b11ede9442
-
SHA1
603fd44a999e270e36463b7a3cf82f30b3b3e10c
-
SHA256
8518b318def7cabe060d8639c6dc11076325e164a4faee7306f274a8abe1aa59
-
SHA512
9e03655c1fceabbcd9bd72cf44e377eb338e7b86fa942ddd3c27d91ba10c46141620eef87c402eaaf40b63df4d0370e14b1e761ac1edbbcbcbb078d36c6b95e8
-
SSDEEP
384:8SxcaCis//WRdL5kyc/p0P3XngacpMprAF+rMRTyN/0L+EcoinblneHQM3epzXWt:9xcUD5nc/p0f1c8rM+rMRa8Nu4nt
Malware Config
Extracted
njrat
im523
HacKed 3losh
0.tcp.in.ngrok.io:18640
b96c10ee24d9b0b6dd6b3d186c6a1b2b
-
reg_key
b96c10ee24d9b0b6dd6b3d186c6a1b2b
-
splitter
|'|'|
Targets
-
-
Target
b94ea2a4ba60943be5abe2b11ede9442.exe
-
Size
37KB
-
MD5
b94ea2a4ba60943be5abe2b11ede9442
-
SHA1
603fd44a999e270e36463b7a3cf82f30b3b3e10c
-
SHA256
8518b318def7cabe060d8639c6dc11076325e164a4faee7306f274a8abe1aa59
-
SHA512
9e03655c1fceabbcd9bd72cf44e377eb338e7b86fa942ddd3c27d91ba10c46141620eef87c402eaaf40b63df4d0370e14b1e761ac1edbbcbcbb078d36c6b95e8
-
SSDEEP
384:8SxcaCis//WRdL5kyc/p0P3XngacpMprAF+rMRTyN/0L+EcoinblneHQM3epzXWt:9xcUD5nc/p0f1c8rM+rMRa8Nu4nt
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-