General

  • Target

    01C0C4F5A39A9AD6FB6E98D41BFF8284FBD5FB8C57E3F.exe

  • Size

    61KB

  • Sample

    210918-wlvw1scddq

  • MD5

    2f380fb35a4e38df693dbe4250388050

  • SHA1

    3eef31f16de114ed279dfa0c5cf453b598bfe64a

  • SHA256

    01c0c4f5a39a9ad6fb6e98d41bff8284fbd5fb8c57e3f7d0c061b99d9690c743

  • SHA512

    34ad105fc09740015e9a37a4f1a4eb0833da05893e33e42d73c9043029733fd7f81a0458e5f68d02ecf5668b8543195419880f870e3c1591780381220790a189

Malware Config

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Persistence

  • Modify Existing Service: T1031 (1)

  • Registry Run Keys / Startup Folder: T1060 (1)

Defense Evasion

  • Modify Registry: T1112 (1)

Discovery

  • System Information Discovery: T1082 (1)

Tasks