Overview

overview

10

Static

static

11f2d468f7...5d.exe

windows7-x64

8

11f2d468f7...5d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    11f2d468f7940e48002626b3689bc1897dbe8e619ba8a0ddddab47d3e4e5465d

  • Size

    414KB

  • Sample

    221125-fe8ljafe9y

  • MD5

    e1152289e1989db38eecd49724565c23

  • SHA1

    25fdc1df52e49beae6b801b313037fd12d4357ba

  • SHA256

    11f2d468f7940e48002626b3689bc1897dbe8e619ba8a0ddddab47d3e4e5465d

  • SHA512

    5bc681c9d174adc47da392da23dbef707f327868e4679991ebe6f85c6da2340084b15a0d8225fc36afda1c519c7c55fa9be8f2284fc156fd0354b8870ad10431

  • SSDEEP

    6144:CWYu8rpqIy3cJ301KQ2UPPBP3aZ6Jpa9mdsUkJUC0zVumLk1BfEolLm3:CW98dqIKJ9pqKC0xumaBHLy

Score
10/10
njratevasionpersistencetrojan

Malware Config

Targets

    • Target

      11f2d468f7940e48002626b3689bc1897dbe8e619ba8a0ddddab47d3e4e5465d

    • Size

      414KB

    • MD5

      e1152289e1989db38eecd49724565c23

    • SHA1

      25fdc1df52e49beae6b801b313037fd12d4357ba

    • SHA256

      11f2d468f7940e48002626b3689bc1897dbe8e619ba8a0ddddab47d3e4e5465d

    • SHA512

      5bc681c9d174adc47da392da23dbef707f327868e4679991ebe6f85c6da2340084b15a0d8225fc36afda1c519c7c55fa9be8f2284fc156fd0354b8870ad10431

    • SSDEEP

      6144:CWYu8rpqIy3cJ301KQ2UPPBP3aZ6Jpa9mdsUkJUC0zVumLk1BfEolLm3:CW98dqIKJ9pqKC0xumaBHLy

    Score
    10/10
    evasionpersistencenjrattrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks