General
-
Target
Remcos Professional Cracked By Alcatraz3222-cleaned.exe
-
Size
17.9MB
-
Sample
230329-bkj3xafh4w
-
MD5
946125ea1dcd4d87c44b603f608dd64c
-
SHA1
48635fd472da387b60a43d4b65813516f99c8c55
-
SHA256
56b813058735d5f0980dae75394cba6e78d2096f142aaf7811251dbac7657bb1
-
SHA512
b3f42641a68cd4e7c365a031f6c1997e3c4efcf0fbf6b616341062b23f58e90d6a08d93ac249de1b53151a8dfb728da5cbdfd8d18e96892410038385fb96c7e5
-
SSDEEP
393216:tHN4EgV1uaHYxhfJJZu9rOtEK0Vc+shB97mip52wrqi3nHoKzMWUOCF:tCEm54vJJZWWMgp5HuuzMWU
Malware Config
Extracted
njrat
0.7d
HacKed
dllsys.duckdns.org:3202
3b570ffeeb3d34249b9a5ce0ee58a328
-
reg_key
3b570ffeeb3d34249b9a5ce0ee58a328
-
splitter
svchost
Targets
-
-
Target
Remcos Professional Cracked By Alcatraz3222-cleaned.exe
-
Size
17.9MB
-
MD5
946125ea1dcd4d87c44b603f608dd64c
-
SHA1
48635fd472da387b60a43d4b65813516f99c8c55
-
SHA256
56b813058735d5f0980dae75394cba6e78d2096f142aaf7811251dbac7657bb1
-
SHA512
b3f42641a68cd4e7c365a031f6c1997e3c4efcf0fbf6b616341062b23f58e90d6a08d93ac249de1b53151a8dfb728da5cbdfd8d18e96892410038385fb96c7e5
-
SSDEEP
393216:tHN4EgV1uaHYxhfJJZu9rOtEK0Vc+shB97mip52wrqi3nHoKzMWUOCF:tCEm54vJJZWWMgp5HuuzMWU
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-