89c72522693c171fc9db2f0ef8412fe6881ec0103ffd8edb0e0427fd68fc7fde

General
Target

89c72522693c171fc9db2f0ef8412fe6881ec0103ffd8edb0e0427fd68fc7fde

Size

135KB

Sample

210921-kg68psghe5

Score
10 /10
MD5

c19deb53070413c02b1cd03ae424bb1c

SHA1

b87d4f4fffb60627ec9c7ced3dbdfc945e7a0089

SHA256

89c72522693c171fc9db2f0ef8412fe6881ec0103ffd8edb0e0427fd68fc7fde

SHA512

28192ecaee6278eb9e2998ab829131b8324c863c576c39876950fb62e631613a55b51a17a5f91f0a4d2af4c3bdbc62a146cfa6d08c61a338ec74714865fa3014

Malware Config
Targets
Target

89c72522693c171fc9db2f0ef8412fe6881ec0103ffd8edb0e0427fd68fc7fde

MD5

c19deb53070413c02b1cd03ae424bb1c

Filesize

135KB

Score
10 /10
SHA1

b87d4f4fffb60627ec9c7ced3dbdfc945e7a0089

SHA256

89c72522693c171fc9db2f0ef8412fe6881ec0103ffd8edb0e0427fd68fc7fde

SHA512

28192ecaee6278eb9e2998ab829131b8324c863c576c39876950fb62e631613a55b51a17a5f91f0a4d2af4c3bdbc62a146cfa6d08c61a338ec74714865fa3014

Tags

Signatures

  • njRAT/Bladabindi

    Description

    Widely used RAT written in .NET.

    Tags

  • Executes dropped EXE

  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service
  • Drops startup file

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    behavioral1

                    10/10

                    behavioral2

                    10/10