General
-
Target
2bdbbcf204b6075be6b8d4ecdd853a6b.exe
-
Size
37KB
-
Sample
230401-n9qyzahh58
-
MD5
2bdbbcf204b6075be6b8d4ecdd853a6b
-
SHA1
108244ebaee0b10099615fa542397ce913f1ceaf
-
SHA256
c346077dad0342592db753fe2ab36d2f9f1c76e55cf8556fe5cda92897e99c7e
-
SHA512
5650016f20ece650cc7b0ea1390c62e6d8b6bb899bccb85b0fb36dbb9a6edd1c8b1f18f55bdcc56b7062beca0354c45790b51836e7fa420bf05cefc4dc52ca74
-
SSDEEP
384:lZmZZDj6iclri5Z7JAyk/m4uvBxZeaaPBrAF+rMRTyN/0L+EcoinblneHQM3epzk:aZLHJ7k/m4ubZraJrM+rMRa8Nuqxt
Malware Config
Extracted
njrat
im523
HacKed
if-prairie.at.ply.gg:22113
372599773d55ccbd00399b39b33a8b25
-
reg_key
372599773d55ccbd00399b39b33a8b25
-
splitter
|'|'|
Targets
-
-
Target
2bdbbcf204b6075be6b8d4ecdd853a6b.exe
-
Size
37KB
-
MD5
2bdbbcf204b6075be6b8d4ecdd853a6b
-
SHA1
108244ebaee0b10099615fa542397ce913f1ceaf
-
SHA256
c346077dad0342592db753fe2ab36d2f9f1c76e55cf8556fe5cda92897e99c7e
-
SHA512
5650016f20ece650cc7b0ea1390c62e6d8b6bb899bccb85b0fb36dbb9a6edd1c8b1f18f55bdcc56b7062beca0354c45790b51836e7fa420bf05cefc4dc52ca74
-
SSDEEP
384:lZmZZDj6iclri5Z7JAyk/m4uvBxZeaaPBrAF+rMRTyN/0L+EcoinblneHQM3epzk:aZLHJ7k/m4ubZraJrM+rMRa8Nuqxt
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-