General
-
Target
0412ac372c744b3055f5cb77035ed85afb3c5468111f56c23ea0c44ee548f35a.exe
-
Size
37KB
-
Sample
230405-m4yk7add44
-
MD5
baa50b16a350701da6b820ee83cee518
-
SHA1
dc3143b96da688aeb181f138bfea0d22946c5a48
-
SHA256
0412ac372c744b3055f5cb77035ed85afb3c5468111f56c23ea0c44ee548f35a
-
SHA512
66f2ae4aed5e6ed3a5e92e06ae6c77912c27dce23f0373e1f0f7036b3d7a6d7f3b02e52117b8c5a49e39c5cdc50a66480363bcdbc2ec1a564501554e91845cbf
-
SSDEEP
384:ETuHbo7gibtjpPu7w9qyMTKBn9csWiTNbrAF+rMRTyN/0L+EcoinblneHQM3epz:xsNN9ZMTKBG9iFrM+rMRa8Nuapt
Malware Config
Extracted
njrat
im523
HacKed
0.tcp.eu.ngrok.io:443
1b7052d5fd60d31df205c46057c84fe5
-
reg_key
1b7052d5fd60d31df205c46057c84fe5
-
splitter
|'|'|
Targets
-
-
Target
0412ac372c744b3055f5cb77035ed85afb3c5468111f56c23ea0c44ee548f35a.exe
-
Size
37KB
-
MD5
baa50b16a350701da6b820ee83cee518
-
SHA1
dc3143b96da688aeb181f138bfea0d22946c5a48
-
SHA256
0412ac372c744b3055f5cb77035ed85afb3c5468111f56c23ea0c44ee548f35a
-
SHA512
66f2ae4aed5e6ed3a5e92e06ae6c77912c27dce23f0373e1f0f7036b3d7a6d7f3b02e52117b8c5a49e39c5cdc50a66480363bcdbc2ec1a564501554e91845cbf
-
SSDEEP
384:ETuHbo7gibtjpPu7w9qyMTKBn9csWiTNbrAF+rMRTyN/0L+EcoinblneHQM3epz:xsNN9ZMTKBG9iFrM+rMRa8Nuapt
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-