General
-
Target
5688deb8fa7847d35edc9c483c0b2429.bin
-
Size
23KB
-
Sample
230605-m6qy5agf4t
-
MD5
5688deb8fa7847d35edc9c483c0b2429
-
SHA1
867761d2582da4a064868f95abbcb38c82e0bec7
-
SHA256
2bc8b2b68450f868d29a5c3be8ed9d0674e99c3eec32f764bf786e90cec28ac9
-
SHA512
cdfd7d88c11b083f809651c5dd41d67d5d6b0e4d6c5e82eef6bdcfb827168cf1e237f536147b7fd7f360a3141906e3834cba28bd57271ca8927dba42797fae72
-
SSDEEP
384:rTq4aKll4h7o93VyDGvEWJh46sgKkbmyk38mRvR6JZlbw8hqIusZzZGD:cO00y6vE/RpcnuH
Malware Config
Extracted
njrat
Madest 0.7d
BonDay
613b5255dc93559ec83b6120ba141c83
-
reg_key
613b5255dc93559ec83b6120ba141c83
-
splitter
|'|'|
Targets
-
-
Target
5688deb8fa7847d35edc9c483c0b2429.bin
-
Size
23KB
-
MD5
5688deb8fa7847d35edc9c483c0b2429
-
SHA1
867761d2582da4a064868f95abbcb38c82e0bec7
-
SHA256
2bc8b2b68450f868d29a5c3be8ed9d0674e99c3eec32f764bf786e90cec28ac9
-
SHA512
cdfd7d88c11b083f809651c5dd41d67d5d6b0e4d6c5e82eef6bdcfb827168cf1e237f536147b7fd7f360a3141906e3834cba28bd57271ca8927dba42797fae72
-
SSDEEP
384:rTq4aKll4h7o93VyDGvEWJh46sgKkbmyk38mRvR6JZlbw8hqIusZzZGD:cO00y6vE/RpcnuH
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-