General
-
Target
0d5234beef63071451845272964a9d117c5ddb9cde0161a971d40304aa347088.exe
-
Size
37KB
-
Sample
230405-m54tladg45
-
MD5
d5097b67ef6e3d3a8a12a44afc7413a4
-
SHA1
f5480c9bb46e21f226043ae114bf9e54d2e4022b
-
SHA256
0d5234beef63071451845272964a9d117c5ddb9cde0161a971d40304aa347088
-
SHA512
6b03463b3e2f5b754b7844a3ca6b7a8e85f93e8cea714938130ffbad27a93ac9ce113d493e1e2be42983938d84191763fa745338a42835afd71c9b4df5bcf10d
-
SSDEEP
384:RAfvsiDnT95hL5YyUvV/v3Ok4CEW5ArAF+rMRTyN/0L+EcoinblneHQM3epzXmIZ:ALv5zUvV/zVEOArM+rMRa8NufLt
Malware Config
Extracted
njrat
im523
HacKed
susnj.hopto.org:1604
3ae76f1666ee4e0381333da2c647c968
-
reg_key
3ae76f1666ee4e0381333da2c647c968
-
splitter
|'|'|
Targets
-
-
Target
0d5234beef63071451845272964a9d117c5ddb9cde0161a971d40304aa347088.exe
-
Size
37KB
-
MD5
d5097b67ef6e3d3a8a12a44afc7413a4
-
SHA1
f5480c9bb46e21f226043ae114bf9e54d2e4022b
-
SHA256
0d5234beef63071451845272964a9d117c5ddb9cde0161a971d40304aa347088
-
SHA512
6b03463b3e2f5b754b7844a3ca6b7a8e85f93e8cea714938130ffbad27a93ac9ce113d493e1e2be42983938d84191763fa745338a42835afd71c9b4df5bcf10d
-
SSDEEP
384:RAfvsiDnT95hL5YyUvV/v3Ok4CEW5ArAF+rMRTyN/0L+EcoinblneHQM3epzXmIZ:ALv5zUvV/zVEOArM+rMRa8NufLt
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-