General
-
Target
c79b8eaef85540f4e574162e51b4ef98.exe
-
Size
225KB
-
Sample
230114-czp35sgf72
-
MD5
c79b8eaef85540f4e574162e51b4ef98
-
SHA1
5636caa6dc5dbcdb296e4a6f9f59c7d64e675909
-
SHA256
a281865e116c45442f921963ea8f931c183776061b9e9dd7328f4a54f4f13b4b
-
SHA512
2cdec138fe5ee4453ef6019cac4551ec69aaf99b6eb31d7a50182a5ff1af22a14fed9eb858b6a9a9deb2cff502dff344bc6536d47d8be39ee9b40be8db329913
-
SSDEEP
3072:QF327h+yJvq/xr+VBFaImYIYiheeeeeeeeefYDeOiClppeppOpplppepppDppptf:832QfZrMBgJSOG9iO2RK
Behavioral task
behavioral1
Sample
c79b8eaef85540f4e574162e51b4ef98.exe
Resource
win7-20221111-en
Malware Config
Extracted
njrat
im523
Desktop
6.tcp.eu.ngrok.io:10945
a197c9392c3d531e5c503c947b346f93
-
reg_key
a197c9392c3d531e5c503c947b346f93
-
splitter
|'|'|
Targets
-
Target
c79b8eaef85540f4e574162e51b4ef98.exe
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-