Overview

overview

10

Static

static

26C934B545...18.exe

windows7_x64

10

26C934B545...18.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    26C934B5450A2E29B15806DA4C71D01BA6AE2C98D4F18.exe

  • Size

    229KB

  • Sample

    211105-pwcd4abga9

  • MD5

    00a96cad09cacccc65e205f4784df743

  • SHA1

    9502ca9bde31d8de80e0ef7f087ad10bbcaacb0f

  • SHA256

    26c934b5450a2e29b15806da4c71d01ba6ae2c98d4f18538909807f6d78b2fb6

  • SHA512

    08ba1be57531546d41083f77da20fd71d72797e7dd83c066305c931745cc2c1bffa2e2d342b8878a3bca1838e290ce4f54515a6c540871df78a6bde16564089d

Score
10/10
njratevasionpersistencetrojan

Malware Config

Targets

    • Target

      26C934B5450A2E29B15806DA4C71D01BA6AE2C98D4F18.exe

    • Size

      229KB

    • MD5

      00a96cad09cacccc65e205f4784df743

    • SHA1

      9502ca9bde31d8de80e0ef7f087ad10bbcaacb0f

    • SHA256

      26c934b5450a2e29b15806da4c71d01ba6ae2c98d4f18538909807f6d78b2fb6

    • SHA512

      08ba1be57531546d41083f77da20fd71d72797e7dd83c066305c931745cc2c1bffa2e2d342b8878a3bca1838e290ce4f54515a6c540871df78a6bde16564089d

    Score
    10/10
    njratevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks