Overview

overview

10

Static

static

5

436d3357f7...d5.exe

windows7-x64

10

436d3357f7...d5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    436d3357f7a10b54305f1fc83d751681a7f2ced56e8b87dc0f8d20e45ea414d5

  • Size

    874KB

  • Sample

    221125-cqmlnaeb92

  • MD5

    cf19504f60a3c9807efac2d68546e341

  • SHA1

    9b85306b753d107b6aebcb6b25b17366df295ebd

  • SHA256

    436d3357f7a10b54305f1fc83d751681a7f2ced56e8b87dc0f8d20e45ea414d5

  • SHA512

    7b3f56c6be5db7a84b5ead01ad4a672198761df6819b4c7e3800b946ed889fbb1d8745cb653e37b856ddaedf490d1de36fbdd679a866ecc3016d1494e60f3427

  • SSDEEP

    12288:w4lsXvtCcmVVXzzn4PJAahPl/QEdIMiVbHydEIJnJWUgaqR9Anq9MmCS:w4lavt0LkLL9IMixoEgeaqRinq9MmCS

Score
10/10
njratevasionpersistencetrojan

Malware Config

Targets

    • Target

      436d3357f7a10b54305f1fc83d751681a7f2ced56e8b87dc0f8d20e45ea414d5

    • Size

      874KB

    • MD5

      cf19504f60a3c9807efac2d68546e341

    • SHA1

      9b85306b753d107b6aebcb6b25b17366df295ebd

    • SHA256

      436d3357f7a10b54305f1fc83d751681a7f2ced56e8b87dc0f8d20e45ea414d5

    • SHA512

      7b3f56c6be5db7a84b5ead01ad4a672198761df6819b4c7e3800b946ed889fbb1d8745cb653e37b856ddaedf490d1de36fbdd679a866ecc3016d1494e60f3427

    • SSDEEP

      12288:w4lsXvtCcmVVXzzn4PJAahPl/QEdIMiVbHydEIJnJWUgaqR9Anq9MmCS:w4lavt0LkLL9IMixoEgeaqRinq9MmCS

    Score
    10/10
    njratevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks