General
-
Target
8f1737c0fac5260a56b6a325ae2e374f.exe
-
Size
37KB
-
Sample
230205-t6321sab55
-
MD5
8f1737c0fac5260a56b6a325ae2e374f
-
SHA1
8aa1cc67270092e9dde46fd67ceb60e3fd2c0acf
-
SHA256
df5e27452c12c3efb7ef8e103337db609c122cd150dcc9f4d580c37c196006f5
-
SHA512
5853e6b79867b1b6ba355504bde1fad906f63b74bc911b4b7f01aa28541e6cc6d2197c567a70fa7a94c0b13faf55cb31c4f6540db57c388be0a70098257b5baf
-
SSDEEP
384:ICFTgiG1CRZfursvO6yszMFs/DSTHv0LUrAF+rMRTyN/0L+EcoinblneHQM3epzv:ZFN5WpszMFsmjv0QrM+rMRa8NuDvt
Malware Config
Extracted
njrat
im523
HacKed
paradox.uno:5554
5661f58838e58099465c31ca9d2c4c2f
-
reg_key
5661f58838e58099465c31ca9d2c4c2f
-
splitter
|'|'|
Targets
-
-
Target
8f1737c0fac5260a56b6a325ae2e374f.exe
-
Size
37KB
-
MD5
8f1737c0fac5260a56b6a325ae2e374f
-
SHA1
8aa1cc67270092e9dde46fd67ceb60e3fd2c0acf
-
SHA256
df5e27452c12c3efb7ef8e103337db609c122cd150dcc9f4d580c37c196006f5
-
SHA512
5853e6b79867b1b6ba355504bde1fad906f63b74bc911b4b7f01aa28541e6cc6d2197c567a70fa7a94c0b13faf55cb31c4f6540db57c388be0a70098257b5baf
-
SSDEEP
384:ICFTgiG1CRZfursvO6yszMFs/DSTHv0LUrAF+rMRTyN/0L+EcoinblneHQM3epzv:ZFN5WpszMFsmjv0QrM+rMRa8NuDvt
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-