General
-
Target
bfbae8700482430e437f19775ec2300c.exe
-
Size
43KB
-
Sample
230124-a4msgahg2v
-
MD5
bfbae8700482430e437f19775ec2300c
-
SHA1
37b64267becf1a36ed3b59e092b9c6e436669d02
-
SHA256
9d4fa86ae4f8aa26980f7dc2d8761901643b698c50b40ddf0477bfacd8a1e9d3
-
SHA512
fa70371ae55f4f77f2afd342fa8e00741c809b9e6885b98e52fa6375832d5c95bf045d2b276cad2ce6df6dd33b6782ad5163e53a4f06b350b8d61e1eb4341c08
-
SSDEEP
384:2ZyON3vxdW/IUyNZmd5yFivUwaMbt156lbC9D9O5UE5QzwBlpJNakkjh/TzF7pWS:sB/xIghNZk5yFivd9tilvQO+3D+L
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
system
2.tcp.eu.ngrok.io:10724
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
bfbae8700482430e437f19775ec2300c.exe
-
Size
43KB
-
MD5
bfbae8700482430e437f19775ec2300c
-
SHA1
37b64267becf1a36ed3b59e092b9c6e436669d02
-
SHA256
9d4fa86ae4f8aa26980f7dc2d8761901643b698c50b40ddf0477bfacd8a1e9d3
-
SHA512
fa70371ae55f4f77f2afd342fa8e00741c809b9e6885b98e52fa6375832d5c95bf045d2b276cad2ce6df6dd33b6782ad5163e53a4f06b350b8d61e1eb4341c08
-
SSDEEP
384:2ZyON3vxdW/IUyNZmd5yFivUwaMbt156lbC9D9O5UE5QzwBlpJNakkjh/TzF7pWS:sB/xIghNZk5yFivd9tilvQO+3D+L
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-