General
-
Target
Anonfiles Search Engine v1.2 by CRYP70.exe
-
Size
923KB
-
Sample
230404-bjtkysca96
-
MD5
85615d32114184918dd41ede21a1c714
-
SHA1
65616774bdd84720680cbbd5a58b6a04cfbe7946
-
SHA256
a837aaa0366bf57c775270519937f1cc621c98aac8bfb1abab7a31cfa42e63c1
-
SHA512
4bf707a069e6410c2c84e7489fc0bf6c499ab4140c367ab411e01dfa7a6508adefd539dde612f01491e082ae5c3c6113a086a408e788141fad9a7a208fd1ef12
-
SSDEEP
12288:yZNna8JaL8d39HlfJS3Zae9h5Lg4/SEp3/RJPHqleuTyrb6YvirBjpOUREzLw2f+:W0odRlhbrBj0+EzLwW1T8HQ
Malware Config
Extracted
njrat
0.7d
HacKed
blog.hackcrack.io:8086
Windows Explorer
-
reg_key
Windows Explorer
-
splitter
|'|'|
Targets
-
-
Target
Anonfiles Search Engine v1.2 by CRYP70.exe
-
Size
923KB
-
MD5
85615d32114184918dd41ede21a1c714
-
SHA1
65616774bdd84720680cbbd5a58b6a04cfbe7946
-
SHA256
a837aaa0366bf57c775270519937f1cc621c98aac8bfb1abab7a31cfa42e63c1
-
SHA512
4bf707a069e6410c2c84e7489fc0bf6c499ab4140c367ab411e01dfa7a6508adefd539dde612f01491e082ae5c3c6113a086a408e788141fad9a7a208fd1ef12
-
SSDEEP
12288:yZNna8JaL8d39HlfJS3Zae9h5Lg4/SEp3/RJPHqleuTyrb6YvirBjpOUREzLw2f+:W0odRlhbrBj0+EzLwW1T8HQ
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-