Overview

overview

10

Static

static

3e74c84dcf...19.exe

windows7-x64

8

3e74c84dcf...19.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3e74c84dcf96d3231fffd270a27fff6e2d5d7a4a8d082a5ccb786f73bad79719

  • Size

    26KB

  • Sample

    221029-2rae6aade9

  • MD5

    5ca4876332f88d099c737ce267392a40

  • SHA1

    13d7662f2c4984540366a4e54a7beddcdd1a755c

  • SHA256

    3e74c84dcf96d3231fffd270a27fff6e2d5d7a4a8d082a5ccb786f73bad79719

  • SHA512

    3f6ac188c4bffb78ae451d49ec7586d3cec7fda6d03ece7df831f2e1ab676ab2e031f36d0dc0e7e773e1f7738ab1c5be43e8076e8422f80976ebbc4d0d4443c3

  • SSDEEP

    384:vrD/ik3dAr40CQwbvwxOakzsdDLgQWBUp9IvgsHVIez63X2ytsyA:3ahM0DQvwEa0lQg3v+ez63X2ybA

Score
10/10
njratevasionpersistencetrojan

Malware Config

Targets

    • Target

      3e74c84dcf96d3231fffd270a27fff6e2d5d7a4a8d082a5ccb786f73bad79719

    • Size

      26KB

    • MD5

      5ca4876332f88d099c737ce267392a40

    • SHA1

      13d7662f2c4984540366a4e54a7beddcdd1a755c

    • SHA256

      3e74c84dcf96d3231fffd270a27fff6e2d5d7a4a8d082a5ccb786f73bad79719

    • SHA512

      3f6ac188c4bffb78ae451d49ec7586d3cec7fda6d03ece7df831f2e1ab676ab2e031f36d0dc0e7e773e1f7738ab1c5be43e8076e8422f80976ebbc4d0d4443c3

    • SSDEEP

      384:vrD/ik3dAr40CQwbvwxOakzsdDLgQWBUp9IvgsHVIez63X2ytsyA:3ahM0DQvwEa0lQg3v+ez63X2ybA

    Score
    10/10
    evasionpersistencenjrattrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks