General

  • Target

    10a5aa925b4739ee54e1470f075e9db9a6990853f587bb99231180b670693668

  • Size

    62KB

  • Sample

    220701-gd67raeddk

  • MD5

    3d931e0e173d08cf672d9977a03d4d62

  • SHA1

    59f989fecf93c9e7b084215af0f205eac9ecb957

  • SHA256

    10a5aa925b4739ee54e1470f075e9db9a6990853f587bb99231180b670693668

  • SHA512

    c5550f4d1be18ae030ae25078e8689e198b58b758f06cde1230f148bfb746c4f75a089f091e6a7a04013f3450383fab257eddff9c2432c30e3630e2dc9b9f2c6

Malware Config

Targets

    • Target

      10a5aa925b4739ee54e1470f075e9db9a6990853f587bb99231180b670693668

    • Size

      62KB

    • MD5

      3d931e0e173d08cf672d9977a03d4d62

    • SHA1

      59f989fecf93c9e7b084215af0f205eac9ecb957

    • SHA256

      10a5aa925b4739ee54e1470f075e9db9a6990853f587bb99231180b670693668

    • SHA512

      c5550f4d1be18ae030ae25078e8689e198b58b758f06cde1230f148bfb746c4f75a089f091e6a7a04013f3450383fab257eddff9c2432c30e3630e2dc9b9f2c6

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks