Overview

overview

10

Static

static

5

88019B0180...90.exe

windows7_x64

10

88019B0180...90.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    88019B018015F33C8CA9290A531027E90EAE517F6B590.exe

  • Size

    13.6MB

  • Sample

    211228-wlx2dacfdq

  • MD5

    2821b719af8d6e8a54926a0536c52feb

  • SHA1

    ec3013696893908ec7a726325da37bbf22c04eee

  • SHA256

    88019b018015f33c8ca9290a531027e90eae517f6b590fb1711de81ff222ed98

  • SHA512

    ffb33b3a9118daac53b7ccebb3424affa694123d7b4e8ba5281a387b1d669dfb0cb9e5e321d1d970e0693072d42944861570f3b31cde20b0e542a5ae96b648a6

Score
10/10
njratevasionpersistencesuricatatrojan

Malware Config

Targets

    • Target

      88019B018015F33C8CA9290A531027E90EAE517F6B590.exe

    • Size

      13.6MB

    • MD5

      2821b719af8d6e8a54926a0536c52feb

    • SHA1

      ec3013696893908ec7a726325da37bbf22c04eee

    • SHA256

      88019b018015f33c8ca9290a531027e90eae517f6b590fb1711de81ff222ed98

    • SHA512

      ffb33b3a9118daac53b7ccebb3424affa694123d7b4e8ba5281a387b1d669dfb0cb9e5e321d1d970e0693072d42944861570f3b31cde20b0e542a5ae96b648a6

    Score
    10/10
    njratevasionpersistencesuricatatrojan

    • UAC bypass

      evasiontrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • autoit_exe

      AutoIT scripts compiled to PE executables.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Bypass User Account Control

1
T1088

Defense Evasion

Bypass User Account Control

1
T1088

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks