General
-
Target
Blitzedv12.exe
-
Size
1.7MB
-
Sample
230220-tlfe8abf38
-
MD5
38451c0bdaece2d4829f356c8b0487c6
-
SHA1
f379d04e5748cd12e2ef2c2dc255e36089693c84
-
SHA256
7bddc54d8f7c4721bf637f97103ab8c6235a4173f45252cc792f483f8cf0a34d
-
SHA512
ce620a8bea4792bad269f24cb737c9cdb4c9fc0ce70543957a04b7ba13ed8de2c0c18fa12552903c3222f91bba90e3f9b02bb8b29cee3634d5ffdc6372ca21a7
-
SSDEEP
24576:LxAskWeOT4n5lLHxnpL2Q/NLmKgDJ68p4C8BsePDigEoXh7O83igweBAWgtE:NAznU4n9t2ELj18p4BDifoM83ig9ApS
Malware Config
Extracted
njrat
v4.0
MyBot
winter-rd.at.ply.gg:5637
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
-
Target
Blitzedv12.exe
-
Size
1.7MB
-
MD5
38451c0bdaece2d4829f356c8b0487c6
-
SHA1
f379d04e5748cd12e2ef2c2dc255e36089693c84
-
SHA256
7bddc54d8f7c4721bf637f97103ab8c6235a4173f45252cc792f483f8cf0a34d
-
SHA512
ce620a8bea4792bad269f24cb737c9cdb4c9fc0ce70543957a04b7ba13ed8de2c0c18fa12552903c3222f91bba90e3f9b02bb8b29cee3634d5ffdc6372ca21a7
-
SSDEEP
24576:LxAskWeOT4n5lLHxnpL2Q/NLmKgDJ68p4C8BsePDigEoXh7O83igweBAWgtE:NAznU4n9t2ELj18p4BDifoM83ig9ApS
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-