General
-
Target
NEAS.6b6690007fce39d754145a3fcf541e20_JC.exe
-
Size
417KB
-
Sample
231105-wybznsaa7y
-
MD5
6b6690007fce39d754145a3fcf541e20
-
SHA1
e12be99fe3e198c35f36d9bc8db15254c8a0b7e9
-
SHA256
fe74398cc6c57622cde0ece734d7122231f4aa764b0a40a20be2ba8920194aeb
-
SHA512
24fe6e4bb45b39a6d623faaa0f1e7f82dc2d99cc2e49425935f44374d523b5bdf3a54518b0dda8591bb9a90046559103ef524ceaa4c70ceb66a8599b39fefdd5
-
SSDEEP
6144:O7mQzCEVUXd8QwWunWqMz2FXhFTe7yZQkgI6XoP:mmQzCEc8Qw/WqMSFTeA0xc
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.6b6690007fce39d754145a3fcf541e20_JC.exe
Resource
win7-20231023-en
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
dark100.hopto.org:1177
c097fbb4bc205dd1d5f059ab4c4b7e41
-
reg_key
c097fbb4bc205dd1d5f059ab4c4b7e41
-
splitter
|'|'|
Targets
-
-
Target
NEAS.6b6690007fce39d754145a3fcf541e20_JC.exe
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-