General
-
Target
celex.exe
-
Size
55KB
-
Sample
241204-tjsyjawkdl
-
MD5
12b85b6e730f6f4a92e2b10056269197
-
SHA1
f642ac330be5fe04bc21cd4a98e77e9d017f97c6
-
SHA256
c16c299ce7b493462cd973c199d2fec2544800711ba0b42cf47f84374d6e71d7
-
SHA512
ab7bac1c0603ece5339baccd8566a2151ec488e820f6f0a119a9882a92f27f9a6844d6273ad27026b869363a9366531d0f4e7677461538cd350e1111e15c5081
-
SSDEEP
1536:sjYADn8fLN2/SbxRDD3wsNMD7XExI3pmSm:RADnccqbTDD3wsNMD7XExI3pm
Malware Config
Extracted
njrat
<- NjRAT 0.7d Horror Edition ->
Victim
cities-constraints.gl.at.ply.gg:16265
02c50d9a6cd2748a3e6820b9ed4d22d1
-
reg_key
02c50d9a6cd2748a3e6820b9ed4d22d1
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
celex.exe
-
Size
55KB
-
MD5
12b85b6e730f6f4a92e2b10056269197
-
SHA1
f642ac330be5fe04bc21cd4a98e77e9d017f97c6
-
SHA256
c16c299ce7b493462cd973c199d2fec2544800711ba0b42cf47f84374d6e71d7
-
SHA512
ab7bac1c0603ece5339baccd8566a2151ec488e820f6f0a119a9882a92f27f9a6844d6273ad27026b869363a9366531d0f4e7677461538cd350e1111e15c5081
-
SSDEEP
1536:sjYADn8fLN2/SbxRDD3wsNMD7XExI3pmSm:RADnccqbTDD3wsNMD7XExI3pm
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Stops running service(s)
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-