Resubmissions
20-02-2023 15:51
230220-tavqrsbe76 10General
-
Target
BlitzedGrabber.exe
-
Size
2.3MB
-
Sample
230220-tavqrsbe76
-
MD5
e26786b1e73c9012aa5a395f5b539157
-
SHA1
6e1ebc73f642c21068f790b8574cced1f51becde
-
SHA256
b789d984abae7c36f9b71ae421e8c05602728d7a0ec0b3742632eb819fb661f8
-
SHA512
3e01078509597336b655adbf1428a4c90d7db8eff5e89c7de2a670995ea738550f4571ad9ff72edcd7c0fb08db77dce322ce02292269858119cf97f30f660d99
-
SSDEEP
24576:UoFnrj/BLDrrP9rkccneVkGpEwDN9fQbnOwqi0oTl7Q0aRtsDsfHQ+EgZC/IioEt:UoF/BNrJAGaWrNbJMlk0aAWHzLZCq96
Malware Config
Extracted
njrat
v4.0
MyBot
winter-rd.at.ply.gg:26394
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
-
Target
BlitzedGrabber.exe
-
Size
2.3MB
-
MD5
e26786b1e73c9012aa5a395f5b539157
-
SHA1
6e1ebc73f642c21068f790b8574cced1f51becde
-
SHA256
b789d984abae7c36f9b71ae421e8c05602728d7a0ec0b3742632eb819fb661f8
-
SHA512
3e01078509597336b655adbf1428a4c90d7db8eff5e89c7de2a670995ea738550f4571ad9ff72edcd7c0fb08db77dce322ce02292269858119cf97f30f660d99
-
SSDEEP
24576:UoFnrj/BLDrrP9rkccneVkGpEwDN9fQbnOwqi0oTl7Q0aRtsDsfHQ+EgZC/IioEt:UoF/BNrJAGaWrNbJMlk0aAWHzLZCq96
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-