General

  • Target

    89c72522693c171fc9db2f0ef8412fe6881ec0103ffd8edb0e0427fd68fc7fde

  • Size

    135KB

  • Sample

    210921-kg68psghe5

  • MD5

    c19deb53070413c02b1cd03ae424bb1c

  • SHA1

    b87d4f4fffb60627ec9c7ced3dbdfc945e7a0089

  • SHA256

    89c72522693c171fc9db2f0ef8412fe6881ec0103ffd8edb0e0427fd68fc7fde

  • SHA512

    28192ecaee6278eb9e2998ab829131b8324c863c576c39876950fb62e631613a55b51a17a5f91f0a4d2af4c3bdbc62a146cfa6d08c61a338ec74714865fa3014

Malware Config

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Modify Existing Service (T1031): 1

  • Registry Run Keys / Startup Folder (T1060): 1

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • System Information Discovery (T1082): 1

Tasks