General
-
Target
050a12ce219076e34128483478f8f227ab911b1743426b368630143d5db733af
-
Size
31KB
-
Sample
221205-thlg3ahd4z
-
MD5
587c8fe806c66acdde28b84ff2a9c8e0
-
SHA1
6024d735a7fc928c14832214b3aee9694c5ef461
-
SHA256
050a12ce219076e34128483478f8f227ab911b1743426b368630143d5db733af
-
SHA512
48cccc1352b1abf4154aae804775e872f8101fd075039dd58a4e459e47401e408b198576da041102f0d78f0232dbf8432d0900b1d61315195865edc8b6a91e33
-
SSDEEP
768:nD71oGc1FRVp74q8HesBKh0p29SgROvt:nD71IPkpZKhG29jOv
Malware Config
Extracted
njrat
0.6.4
HacKed
vpn-hacker.no-ip.biz:1177
8661dfc4f82434cf2194d7352e843241
-
reg_key
8661dfc4f82434cf2194d7352e843241
-
splitter
|'|'|
Targets
-
-
Target
050a12ce219076e34128483478f8f227ab911b1743426b368630143d5db733af
-
Size
31KB
-
MD5
587c8fe806c66acdde28b84ff2a9c8e0
-
SHA1
6024d735a7fc928c14832214b3aee9694c5ef461
-
SHA256
050a12ce219076e34128483478f8f227ab911b1743426b368630143d5db733af
-
SHA512
48cccc1352b1abf4154aae804775e872f8101fd075039dd58a4e459e47401e408b198576da041102f0d78f0232dbf8432d0900b1d61315195865edc8b6a91e33
-
SSDEEP
768:nD71oGc1FRVp74q8HesBKh0p29SgROvt:nD71IPkpZKhG29jOv
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-