General

  • Target

    SecuriteInfo.com.Atros7.OHE.31928.12310

  • Size

    35KB

  • Sample

    200713-3hgs6c8ewa

  • MD5

    d9099b15a586053c53069c8a636a3ad6

  • SHA1

    965aed8ed2f5345c89f79f54fcb2e9d82ff929ee

  • SHA256

    e7ab97cc5f69b125dabf881992f61e38a0d27585067d95c25d9a6a52f5c84539

  • SHA512

    c7e47d860a859097f6d762caecbfed75f49ecbef18f93abdbdab7a1c513c64481bd0a935352536d969fa9cc064bcc43502facdf367d282fd01e75049494ee072

Targets

    • Target

      SecuriteInfo.com.Atros7.OHE.31928.12310

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Drops startup file

    • Loads dropped DLL

    • Adds Run entry to start application

    • Modifies service
