General

  • Target

    2EB88BA0EC82B9BE5DEF15BFD603EBFB764089EC2B14D.exe

  • Size

    40KB

  • Sample

    210914-3wqhlsbdfr

  • MD5

    1e59602b94507836f0fddb82d8c7ac04

  • SHA1

    1374bfc9639ae6583e79eb3cbd120a890dc3cb6b

  • SHA256

    2eb88ba0ec82b9be5def15bfd603ebfb764089ec2b14d2272feedc7b34630a01

  • SHA512

    8e103f07aad5fc7fc6e1238ebccb450f21d822e3a1eddcf061dd60c9b26eb86023770050fe9ae83f8dd1d31172bcb6208f3742d3d33958dac01481356a2610ed

Malware Config

Targets

    • Target

      2EB88BA0EC82B9BE5DEF15BFD603EBFB764089EC2B14D.exe

    • Size

      40KB

    • MD5

      1e59602b94507836f0fddb82d8c7ac04

    • SHA1

      1374bfc9639ae6583e79eb3cbd120a890dc3cb6b

    • SHA256

      2eb88ba0ec82b9be5def15bfd603ebfb764089ec2b14d2272feedc7b34630a01

    • SHA512

      8e103f07aad5fc7fc6e1238ebccb450f21d822e3a1eddcf061dd60c9b26eb86023770050fe9ae83f8dd1d31172bcb6208f3742d3d33958dac01481356a2610ed

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (II)

    • suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)

    • suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Remote Desktop)

    • suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Remote Desktop)

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Adds Run key to start application
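
The three behaviour signatures above (executes a dropped EXE, modifies the Windows Firewall, adds a Run key) are the kind of thing a responder wants to re-check on a real host's telemetry. The following is an added example, not part of the sandbox report: a small Python triage that replays those three checks over Sysmon-style events (EventID 1 ProcessCreate, 11 FileCreate, 13 RegistryValueSet) and matches file hashes against the IOCs listed above. The event records, the dropped path and Run value name, the mapping of the Run-key write to T1060/T1112, and the assumption that the firewall change is made through netsh are all illustrative and are not taken from the report.

```python
"""Triage of the behaviours this report attributes to the sample over
Sysmon-style events: execution of a dropped EXE, Windows Firewall
modification and Run-key persistence. Added example, not part of the
sandbox report; the events below are constructed for illustration."""
import re

# File hashes copied from the report above (stored lower-case for comparison).
SAMPLE_HASHES = {
    "1e59602b94507836f0fddb82d8c7ac04",                                  # MD5
    "1374bfc9639ae6583e79eb3cbd120a890dc3cb6b",                          # SHA1
    "2eb88ba0ec82b9be5def15bfd603ebfb764089ec2b14d2272feedc7b34630a01",  # SHA256
}

# ATT&CK v6 IDs from the report's matrix; attaching both to a Run-key write
# (Registry Run Keys / Startup Folder, Modify Registry) is this example's choice.
RUN_KEY_TECHNIQUES = ("T1060", "T1112")

RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)
# Assumption for illustration only: the firewall change is made with netsh.
NETSH_FW_RE = re.compile(r"\bnetsh(?:\.exe)?\b.*\bfirewall\b.*\b(?:add|set)\b", re.I)


def is_known_sample(hexdigest):
    """True if an MD5/SHA1/SHA256 hex digest matches the report's sample."""
    return hexdigest.strip().lower() in SAMPLE_HASHES


def triage(events):
    """Return findings named after the report's behaviour signatures.

    Each event is a dict with Sysmon-style fields; 'id' is the EventID
    (1 ProcessCreate, 11 FileCreate, 13 RegistryValueSet)."""
    findings = []
    dropped = set()  # lower-cased .exe paths written during the run
    for e in events:
        if e["id"] == 11 and e.get("target", "").lower().endswith(".exe"):
            dropped.add(e["target"].lower())
        elif e["id"] == 1:
            if e["image"].lower() in dropped:
                findings.append({"behaviour": "Executes dropped EXE",
                                 "techniques": (), "evidence": e["image"]})
            if NETSH_FW_RE.search(e.get("cmd", "")):
                findings.append({"behaviour": "Modifies Windows Firewall",
                                 "techniques": (), "evidence": e["cmd"]})
        elif e["id"] == 13 and RUN_KEY_RE.search(e.get("target", "")):
            findings.append({"behaviour": "Adds Run key to start application",
                             "techniques": RUN_KEY_TECHNIQUES,
                             "evidence": e["target"]})
    return findings


# Constructed event stream: the sample drops a copy of itself, runs it, and the
# copy writes a Run value and opens the firewall for itself. Paths and the Run
# value name are invented. A benign registry write by explorer.exe is included
# to show that the Run-key check keys on the registry path, not on the process.
SAMPLE = "C:\\Users\\victim\\Downloads\\2EB88BA0EC82B9BE5DEF15BFD603EBFB764089EC2B14D.exe"
DROP = "C:\\Users\\victim\\AppData\\Roaming\\svchost.exe"
SAMPLE_EVENTS = [
    {"id": 1, "pid": 1000, "image": SAMPLE, "cmd": '"' + SAMPLE + '"',
     "sha256": "2EB88BA0EC82B9BE5DEF15BFD603EBFB764089EC2B14D2272FEEDC7B34630A01"},
    {"id": 11, "pid": 1000, "image": SAMPLE, "target": DROP},
    {"id": 1, "pid": 1010, "image": DROP, "cmd": '"' + DROP + '"'},
    {"id": 13, "pid": 1010, "image": DROP,
     "target": "HKU\\S-1-5-21-0-0-0-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost",
     "details": '"' + DROP + '" ..'},
    {"id": 1, "pid": 1020, "image": "C:\\Windows\\System32\\netsh.exe",
     "cmd": 'netsh firewall add allowedprogram "' + DROP + '" "svchost.exe" ENABLE'},
    {"id": 13, "pid": 2000, "image": "C:\\Windows\\explorer.exe",
     "target": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f["behaviour"], f["techniques"], "<-", f["evidence"])
    print("sample hash known:", is_known_sample(SAMPLE_EVENTS[0]["sha256"]))
```

On a live host the same checks apply to the real Sysmon channel: the Run-key regex covers both HKLM and HKU hives and RunOnce, the dropped-EXE check needs the FileCreate event to precede the ProcessCreate, and the netsh pattern is only one way a firewall exception can be added (the newer `netsh advfirewall firewall add rule` form also matches it).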

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                             ID      Hits
  Persistence       Modify Existing Service               T1031   1
  Persistence       Registry Run Keys / Startup Folder    T1060   1
  Defense Evasion   Modify Registry                       T1112   1
  Discovery         System Information Discovery          T1082   1
  Discovery         Remote System Discovery               T1018   1
Tasks