General
-
Target
2c2a5b46bd15e13fd2f3df4c06457578.bin
-
Size
34KB
-
Sample
230722-bkwfyahg7z
-
MD5
14521a0506c143f9188a0b3a749949d9
-
SHA1
3021df6d564608b8b6286ac6cb9e68902f80ede0
-
SHA256
75b8f18364353a9f155758cd49aa1e92dec0a13a37582e7b4d76a263391210ea
-
SHA512
3af1542cda359624c87924792d87b872c9fd1864e7ebdc00b386ca5e2e558055ae36842e636569930782a0f6ecfb1d3c75e3f6af868391d43af384e0329e9f53
-
SSDEEP
768:At8Mx8NEoShcpHq9VAMmILN68u+Ol4h0mQe0ieTmpzfRoX:JMxZcNStLe+Oeh0mSdCpzfR+
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
4.tcp.eu.ngrok.io:17194
a524b09bfc2eaa9fdc9d91ea93858bfc
-
reg_key
a524b09bfc2eaa9fdc9d91ea93858bfc
-
splitter
|'|'|
Targets
-
-
Target
89a06a16c73f4cee629bc145fa8ca6dc2003b4c3a3ff4a0c1cec473ec42ae875.exe
-
Size
93KB
-
MD5
2c2a5b46bd15e13fd2f3df4c06457578
-
SHA1
4ef3481467fc0ce0bb1df5b627d218ef2ae2fc58
-
SHA256
89a06a16c73f4cee629bc145fa8ca6dc2003b4c3a3ff4a0c1cec473ec42ae875
-
SHA512
1aade6ac068ee949930be301d9e9ddec20c4809e6c0463198e76ae7ba423ea1dac0b1db8195886dd9e7c33cf5d9616ab6d52c6058349cf67497192be5ba8ad8a
-
SSDEEP
768:9Y3h+TnkpjTMpALPGMtsas88EtNXhU9Y1mxCXxrjEtCdnl2pi1Rz4Rk3WsGdpogM:y+7kVbPGHz88Eb71pjEwzGi1dDyDogS
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-