General

  • Target

    a2ca2e6e2a347594ecaa90b1e380fd5ef6090968bcd4296ffc9b0f6d39c9c3dc

  • Size

    711KB

  • Sample

    221002-2aqqtaefhq

  • MD5

    61ad9e5151fa5909d9e5ef8881b15870

  • SHA1

    e6853896639f59c4fadc69fa5e025f50c5daab52

  • SHA256

    a2ca2e6e2a347594ecaa90b1e380fd5ef6090968bcd4296ffc9b0f6d39c9c3dc

  • SHA512

    a29ee9b434f148c3c43c0121e945493f6c86504019e9dfad5887a211bb561200674ddbf17d42ea1103e209b69045e872dd020f1dfa940c0c22522a2a60c3edd1

Malware Config

Targets

    • Target

      a2ca2e6e2a347594ecaa90b1e380fd5ef6090968bcd4296ffc9b0f6d39c9c3dc

    • Size

      711KB

    • MD5

      61ad9e5151fa5909d9e5ef8881b15870

    • SHA1

      e6853896639f59c4fadc69fa5e025f50c5daab52

    • SHA256

      a2ca2e6e2a347594ecaa90b1e380fd5ef6090968bcd4296ffc9b0f6d39c9c3dc

    • SHA512

      a29ee9b434f148c3c43c0121e945493f6c86504019e9dfad5887a211bb561200674ddbf17d42ea1103e209b69045e872dd020f1dfa940c0c22522a2a60c3edd1

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Adds Run key to start application

    • Detected potential entity reuse from brand microsoft.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation