General
-
Target
HEUR-Backdoor.MSIL.Bladabindi.gen-1164dc6c14d.exe
-
Size
1.4MB
-
Sample
220914-yd4kasbbe9
-
MD5
d1d34d4b2632b015feec87ff62cfe143
-
SHA1
19531f092784d7f52cf1df89d180f0e63ec43142
-
SHA256
1164dc6c14d548b7528a2441a822961d663f478520502fc06b3a0e12afa42111
-
SHA512
626a3d331b360028aa66e0ca0b2ff8185dacbb02e45d5d5f9bea6bf400cba02bbc00ddd6fe2daa77d103d25179b64235689085961968e1649abd12d6015c9dab
-
SSDEEP
24576:MAw9HGAUKXNphFY5tysivoyN1DHuMl36I9R+AdI/3:M/NSauMl3rTi
Static task
static1
Behavioral task
behavioral1
Sample
HEUR-Backdoor.MSIL.Bladabindi.gen-1164dc6c14d.exe
Resource
win7-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
0.tcp.ngrok.io:17413
ed0dbeeaea86b7db8fabde04117ddf70
-
reg_key
ed0dbeeaea86b7db8fabde04117ddf70
-
splitter
|'|'|
Targets
-
-
Target
HEUR-Backdoor.MSIL.Bladabindi.gen-1164dc6c14d.exe
-
Size
1.4MB
-
MD5
d1d34d4b2632b015feec87ff62cfe143
-
SHA1
19531f092784d7f52cf1df89d180f0e63ec43142
-
SHA256
1164dc6c14d548b7528a2441a822961d663f478520502fc06b3a0e12afa42111
-
SHA512
626a3d331b360028aa66e0ca0b2ff8185dacbb02e45d5d5f9bea6bf400cba02bbc00ddd6fe2daa77d103d25179b64235689085961968e1649abd12d6015c9dab
-
SSDEEP
24576:MAw9HGAUKXNphFY5tysivoyN1DHuMl36I9R+AdI/3:M/NSauMl3rTi
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-