General

  • Target

    2baf488484fded3d725a36d1e47e241dfefcdb0dc1c41ce4250af9a17b61305e

  • Size

    28KB

  • Sample

    221030-ty8brsaab5

  • MD5

    83646dfbc227fefc7fc941feca328c20

  • SHA1

    55ea993d57dfbef0b32958576ac861393c7dd3f1

  • SHA256

    2baf488484fded3d725a36d1e47e241dfefcdb0dc1c41ce4250af9a17b61305e

  • SHA512

    d9c196fc333d625b59e49ebb7b9515fffb75230f3cba9190f8b3d78bd4e74eb65f15a87c344ed9256cbcc99b8ae325c91c0783b4fda1e22208b4dc7e80ca6426

  • SSDEEP

    384:h8eUq6Z/n5wT9MZ5ZIcq0yHBxcUKHix4UV+Kq8QqEMM8Jwj2a0LE2sfvbilMxwkq:2p3le+5ZTyH74UVWX8Jwh0LWXbZm

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
