General
-
Target
01a15ebeb25b4396bf1f943a9ff2f240.exe
-
Size
99KB
-
Sample
230704-x8c56agc97
-
MD5
01a15ebeb25b4396bf1f943a9ff2f240
-
SHA1
45464e9c127300244902f3628b3b11e34c0e8530
-
SHA256
60e7f5996d69fb22c55c4b6e25cb881ab49a46f3714a42d35dc6f3a66f853498
-
SHA512
18645b8a88275d4ea01c0878900c0e3a4983495a30f818fa1641e4f74c6ac3547d07d3268ba9540847b18671cbcb06f0a73a9544988710a0b67e982863b13578
-
SSDEEP
1536:8WxWs7X4DWTjujzDwuKT3CePS7PoZK2K3r2gGHAfT+qFHuVp6ryQy38a:pveWTjuj/KT3COS7PoM6ghvOV8r28a
Malware Config
Extracted
njrat
0.7d
HACKER
hakim32.ddns.net:2000
numbers-characterization.at.ply.gg:45038
ba79c07aec28b61ac839eeb4fafa3141
-
reg_key
ba79c07aec28b61ac839eeb4fafa3141
-
splitter
|'|'|
Targets
-
-
Target
01a15ebeb25b4396bf1f943a9ff2f240.exe
-
Size
99KB
-
MD5
01a15ebeb25b4396bf1f943a9ff2f240
-
SHA1
45464e9c127300244902f3628b3b11e34c0e8530
-
SHA256
60e7f5996d69fb22c55c4b6e25cb881ab49a46f3714a42d35dc6f3a66f853498
-
SHA512
18645b8a88275d4ea01c0878900c0e3a4983495a30f818fa1641e4f74c6ac3547d07d3268ba9540847b18671cbcb06f0a73a9544988710a0b67e982863b13578
-
SSDEEP
1536:8WxWs7X4DWTjujzDwuKT3CePS7PoZK2K3r2gGHAfT+qFHuVp6ryQy38a:pveWTjuj/KT3COS7PoM6ghvOV8r28a
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-