e1707f3697443452ed3ebff0b477f13bf3a19a48a4b397fba55baaf7133f6fca

General
Target

e1707f3697443452ed3ebff0b477f13bf3a19a48a4b397fba55baaf7133f6fca

Size

396KB

Sample

210914-jeqmhaaccn

Score
10/10
MD5

656436be4766884dd8fe86631f7d101a

SHA1

e527e92099388b0d77a556449ec2a3d3cdb71fbc

SHA256

e1707f3697443452ed3ebff0b477f13bf3a19a48a4b397fba55baaf7133f6fca

SHA512

b81b3efc74cd7bf4d0209b94711bf62d48d4507451c5c1fc8bda4be564eca74837e110646b1122d1d2805d2bf3400f43056bd082d9ac378d0d2ac5d29f6e0c3a

Malware Config
Targets
Signatures

  • njRAT/Bladabindi

    Description

    Widely used RAT written in .NET.

  • .NET Reactor proctector

    Description

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE

  • Modifies Windows Firewall

    TTPs

    Modify Existing Service
  • Drops startup file

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder
    Modify Registry

MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation

Tasks

static1

10/10

behavioral1

1/10

behavioral2

10/10