Overview

overview

10

Static

static

10

ba566affa8...32.exe

windows7-x64

10

ba566affa8...32.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    ba566affa8b7376c3d7f1d3b068d500b69318156514ee3f1600c13b2fd045b32

  • Size

    28KB

  • Sample

    221125-3hcplahg2t

  • MD5

    0d65a85800fdefbfaa263ee682d9db40

  • SHA1

    3350a5f508de154e6e62e882b9ef9711479456db

  • SHA256

    ba566affa8b7376c3d7f1d3b068d500b69318156514ee3f1600c13b2fd045b32

  • SHA512

    007ad07f0005781d488a4a6c24192c580bd8a5c39d1fe5eabe6dc83f5946b091f648090406325194d7e33119dba08163e58f3ac4d0288f395c2cbbdbd4d1a6d5

  • SSDEEP

    384:N+oKgsXN/EhzOiIUy1iKsysOEg/lhzLZqdwk5GOi0LE2rdQbilMxwzESJ6nJUC:UxX1IIUy1jsA/PB8ve0L5SbRS

Score
10/10
njratevasionpersistencetrojan

Malware Config

Targets

    • Target

      ba566affa8b7376c3d7f1d3b068d500b69318156514ee3f1600c13b2fd045b32

    • Size

      28KB

    • MD5

      0d65a85800fdefbfaa263ee682d9db40

    • SHA1

      3350a5f508de154e6e62e882b9ef9711479456db

    • SHA256

      ba566affa8b7376c3d7f1d3b068d500b69318156514ee3f1600c13b2fd045b32

    • SHA512

      007ad07f0005781d488a4a6c24192c580bd8a5c39d1fe5eabe6dc83f5946b091f648090406325194d7e33119dba08163e58f3ac4d0288f395c2cbbdbd4d1a6d5

    • SSDEEP

      384:N+oKgsXN/EhzOiIUy1iKsysOEg/lhzLZqdwk5GOi0LE2rdQbilMxwzESJ6nJUC:UxX1IIUy1jsA/PB8ve0L5SbRS

    Score
    10/10
    njratevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks