General
-
Target
02713499.exe
-
Size
37KB
-
Sample
230611-m9x7lsha34
-
MD5
8df580374610710eb431781ccb34d32b
-
SHA1
6748c5f6da3822d231b29d609b698da67fb60edb
-
SHA256
bbe2707f076f91c7028df9bbab32cb9a217bb783aaf63c3f2f939a327f181fd1
-
SHA512
aea02bb55966929292dc1bb079d13715d93742c89f5c21516fa3d3925a0baf75e939c7e421be31f34e417696725b25035b3d0d09a338205d4a21649f404d671f
-
SSDEEP
384:bQ2KMizd9jnBhFbJ8ycPVnvvnwaUBKrAF+rMRTyN/0L+EcoinblneHQM3epzXuNg:U2g9lLJfcPVn3VU4rM+rMRa8NuQut
Malware Config
Extracted
njrat
im523
HacKed
209.25.141.181:28050
eef0e93e0856f7f888c098cb5e4320ee
-
reg_key
eef0e93e0856f7f888c098cb5e4320ee
-
splitter
|'|'|
Targets
-
-
Target
02713499.exe
-
Size
37KB
-
MD5
8df580374610710eb431781ccb34d32b
-
SHA1
6748c5f6da3822d231b29d609b698da67fb60edb
-
SHA256
bbe2707f076f91c7028df9bbab32cb9a217bb783aaf63c3f2f939a327f181fd1
-
SHA512
aea02bb55966929292dc1bb079d13715d93742c89f5c21516fa3d3925a0baf75e939c7e421be31f34e417696725b25035b3d0d09a338205d4a21649f404d671f
-
SSDEEP
384:bQ2KMizd9jnBhFbJ8ycPVnvvnwaUBKrAF+rMRTyN/0L+EcoinblneHQM3epzXuNg:U2g9lLJfcPVn3VU4rM+rMRa8NuQut
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-