General
-
Target
0x000a0000000133de62.dat
-
Size
37KB
-
Sample
230506-zav97aec2s
-
MD5
460525e0e9ced13c10ada8bd39a3b6a8
-
SHA1
c679d90b08583b4ce782e0f35ff10723e558fe7f
-
SHA256
efac401541da85216e9437f64e3c9d344040018e3dfa304219db3bac0d43a790
-
SHA512
4b0fa5982fa137c29ccdc83c65eb40127188a9061523ae7afac5c4371e588bfbed4281c32349d327f295e01af580929ba66d7d4695584856dd827384a04fde79
-
SSDEEP
384:5tKyngiBt/sBkVYv9qykTHkXXTnLfUbqNfZCReimEihsKxNm/y9U386j1SD9XRNE:3RNf49ZkTHg/fjtSeiIiNZSpBhU
Behavioral task
behavioral1
Sample
0x000a0000000133de62.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
0x000a0000000133de62.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
njrat
im523
I
finally-bunch.at.ply.gg:42320
a70d955761eaa352e51201c79158753c
-
reg_key
a70d955761eaa352e51201c79158753c
-
splitter
|'|'|
Targets
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-