General
-
Target
50aa36f5127822980c319dca7322160aed25ebed0fdfeb536ffd677bc823691f
-
Size
110KB
-
Sample
240912-2gjabazajf
-
MD5
abb0c749c613d62fc1a1a2ca696409ef
-
SHA1
54a6d6e056d459018c3b850fafe72765c52dc5f8
-
SHA256
50aa36f5127822980c319dca7322160aed25ebed0fdfeb536ffd677bc823691f
-
SHA512
847bbd1f85d6dbcd59d790af2aa5542e461dc2e1c654d6ef8a52b513e80be9c2cf82b8d49c1eecb6967e8101d9ff9821977893b200d84fe22f35b32190f9c6d1
-
SSDEEP
3072:e02Hz+fdxuHJr2SLp2FoYYT+jAAm6/A0Me:/nup5LDrT+0h6
Malware Config
Extracted
njrat
0.7d
HacKed 2025
chipo.publicvm.com:1177
61bdc0e17a9f9215df162e0317b9e135
-
reg_key
61bdc0e17a9f9215df162e0317b9e135
-
splitter
|'|'|
Targets
-
-
Target
50aa36f5127822980c319dca7322160aed25ebed0fdfeb536ffd677bc823691f
-
Size
110KB
-
MD5
abb0c749c613d62fc1a1a2ca696409ef
-
SHA1
54a6d6e056d459018c3b850fafe72765c52dc5f8
-
SHA256
50aa36f5127822980c319dca7322160aed25ebed0fdfeb536ffd677bc823691f
-
SHA512
847bbd1f85d6dbcd59d790af2aa5542e461dc2e1c654d6ef8a52b513e80be9c2cf82b8d49c1eecb6967e8101d9ff9821977893b200d84fe22f35b32190f9c6d1
-
SSDEEP
3072:e02Hz+fdxuHJr2SLp2FoYYT+jAAm6/A0Me:/nup5LDrT+0h6
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1