01C0C4F5A39A9AD6FB6E98D41BFF8284FBD5FB8C57E3F.exe

General
Target

01C0C4F5A39A9AD6FB6E98D41BFF8284FBD5FB8C57E3F.exe

Size

61KB

Sample

210918-wlvw1scddq

Score
10 /10
MD5

2f380fb35a4e38df693dbe4250388050

SHA1

3eef31f16de114ed279dfa0c5cf453b598bfe64a

SHA256

01c0c4f5a39a9ad6fb6e98d41bff8284fbd5fb8c57e3f7d0c061b99d9690c743

SHA512

34ad105fc09740015e9a37a4f1a4eb0833da05893e33e42d73c9043029733fd7f81a0458e5f68d02ecf5668b8543195419880f870e3c1591780381220790a189

Malware Config
Targets
Target

01C0C4F5A39A9AD6FB6E98D41BFF8284FBD5FB8C57E3F.exe

MD5

2f380fb35a4e38df693dbe4250388050

Filesize

61KB

Score
10 /10
SHA1

3eef31f16de114ed279dfa0c5cf453b598bfe64a

SHA256

01c0c4f5a39a9ad6fb6e98d41bff8284fbd5fb8c57e3f7d0c061b99d9690c743

SHA512

34ad105fc09740015e9a37a4f1a4eb0833da05893e33e42d73c9043029733fd7f81a0458e5f68d02ecf5668b8543195419880f870e3c1591780381220790a189

Tags

Signatures

  • njRAT/Bladabindi

    Description

    Widely used RAT written in .NET.

    Tags

  • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    Description

    suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    Tags

  • Executes dropped EXE

  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service
  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks