General

  • Target

    380cce3fb385a0bac70106c8840a7bde767e3264bcaadb4ea12bf79f5fde8c40

  • Size

    1.6MB

  • Sample

    221124-n9zacacd95

  • MD5

    f450b12ec73dc7b8bac81eada753532d

  • SHA1

    84e22daf20b0fc509b73feea0d2f03189023989a

  • SHA256

    380cce3fb385a0bac70106c8840a7bde767e3264bcaadb4ea12bf79f5fde8c40

  • SHA512

    1e5037beb3ed3b218c93f806660096abe1684cdcaeb0f663e40231f5bfb2e6e4277c4145eed2bd0a5f6076d9e54d87811dffab1d7181d01c41a5e89a93d73693

  • SSDEEP

    24576:g+NQ4OWa9YEg72Nip6HBSI3ArnwUD8V7SKfq76nj+:gD4OX9YEg7iip6HZ3ArnwY47S8q76

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Adds Run key to start application
