General

  • Target

    abb615328da70ea77a29f1cfbd562d3d4eb346bad12efd6431ba4dc45e4d07df

  • Size

    768KB

  • Sample

    210930-n5sl1ahec2

  • MD5

    9d547d2e07746d84f0c9ce72502a9749

  • SHA1

    03419c2d9dcdda38826203dad7a9ef3b5eff6280

  • SHA256

    abb615328da70ea77a29f1cfbd562d3d4eb346bad12efd6431ba4dc45e4d07df

  • SHA512

    862c8b3205539c66a60deba6384a409f52b247c625c55a96c454bf69bf38a3690043eb0f88b4666dda5764742215c42fde5f343c9d3fea5e122e4677b7c4ed44

Malware Config

Targets

    • Target

      abb615328da70ea77a29f1cfbd562d3d4eb346bad12efd6431ba4dc45e4d07df

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Modify Existing Service (T1031): 1

  • Registry Run Keys / Startup Folder (T1060): 1

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • System Information Discovery (T1082): 1

Tasks