General
-
Target
1a32989d5a4f6d15588242f1ef8a22d8.exe
-
Size
23KB
-
Sample
221205-xel6zaaa4z
-
MD5
1a32989d5a4f6d15588242f1ef8a22d8
-
SHA1
02d933d2513fa70a46ca89082027752b6db2d899
-
SHA256
d10d2da128b79ed62720da7dd3bf03a72519d755575ec4b0b18c51b1b0879c5d
-
SHA512
cff44db241af8b3decd1857a90dffdb6d0d6f7518b95dd931422596bb03d0ffbb9cb1ec0d129d61cc514742e74c4ca547d2bfa6286fa31647577de3e5ee79620
-
SSDEEP
384:cDQeCo2zmZbQHkJeCdUwBvQ61gjuQBnB9mRvR6JZlbw8hqIusZzZcDq:cU5yBVd7Rpcnu2
Malware Config
Extracted
njrat
0.7d
Lammer
donaldsvip1234.ddns.net:1177
b37250e28d5e084b62b0aec8b915940b
-
reg_key
b37250e28d5e084b62b0aec8b915940b
-
splitter
|'|'|
Targets
-
-
Target
1a32989d5a4f6d15588242f1ef8a22d8.exe
-
Size
23KB
-
MD5
1a32989d5a4f6d15588242f1ef8a22d8
-
SHA1
02d933d2513fa70a46ca89082027752b6db2d899
-
SHA256
d10d2da128b79ed62720da7dd3bf03a72519d755575ec4b0b18c51b1b0879c5d
-
SHA512
cff44db241af8b3decd1857a90dffdb6d0d6f7518b95dd931422596bb03d0ffbb9cb1ec0d129d61cc514742e74c4ca547d2bfa6286fa31647577de3e5ee79620
-
SSDEEP
384:cDQeCo2zmZbQHkJeCdUwBvQ61gjuQBnB9mRvR6JZlbw8hqIusZzZcDq:cU5yBVd7Rpcnu2
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-