d52a459560622be3d8ab5d46ccface98acb49641386b971d427784d9f14e413e

General
Target

d52a459560622be3d8ab5d46ccface98acb49641386b971d427784d9f14e413e

Size

1MB

Sample

210922-qkjvgacgd3

Score
10 /10
MD5

87665d443c7a883a9605213fa5028662

SHA1

04f910763ed46eb2b40be54f42ad7b7e4b149dd6

SHA256

d52a459560622be3d8ab5d46ccface98acb49641386b971d427784d9f14e413e

SHA512

b46e0937229313334646aca69b041f1134b048c29518b85381fae86172e7c1f88134bd4576606d5b56c0ba4ee2b7ebd0d5bc979e81597422a57f22bf99d79f00

Malware Config
Targets
Target

d52a459560622be3d8ab5d46ccface98acb49641386b971d427784d9f14e413e

MD5

87665d443c7a883a9605213fa5028662

Filesize

1MB

Score
10 /10
SHA1

04f910763ed46eb2b40be54f42ad7b7e4b149dd6

SHA256

d52a459560622be3d8ab5d46ccface98acb49641386b971d427784d9f14e413e

SHA512

b46e0937229313334646aca69b041f1134b048c29518b85381fae86172e7c1f88134bd4576606d5b56c0ba4ee2b7ebd0d5bc979e81597422a57f22bf99d79f00

Tags

Signatures

  • njRAT/Bladabindi

    Description

    Widely used RAT written in .NET.

    Tags

  • Executes dropped EXE

  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service
  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry
  • Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    behavioral1

                    10/10

                    behavioral2

                    10/10