modiloader | 8473acde4d3267b07e41f8eacdda17761b2a0d828d3a7cbaeab2bcab304d250f | Triage

Sharing

General

Target

8473acde4d3267b07e41f8eacdda17761b2a0d828d3a7cbaeab2bcab304d250f
Size

437KB
Sample

221126-cdarbsdd53
MD5

6494493746d95598cb1e64b1ed53669c
SHA1

12ed5c845c0b5818c5e7a6c5ff14d007ab50d546
SHA256

8473acde4d3267b07e41f8eacdda17761b2a0d828d3a7cbaeab2bcab304d250f
SHA512

3999294178e5b66961a372d43e0e3d978c79b0375fefe1eca22cfd92dec6c4f8382ad558472147702b5fd1e28decf8e2f328df6c4b2c7c5196c35922b9aec313
SSDEEP

12288:1u5+hCo1m1HOPDq2Owbfjkx0ZkYLt9VkrefM:1e+11m1HOrZbfjpkYLt9erefM

Score

10^/10

modiloader njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  8473acde4d3267b07e41f8eacdda17761b2a0d828d3a7cbaeab2bcab304d250f
- Size
  
  437KB
- MD5
  
  6494493746d95598cb1e64b1ed53669c
- SHA1
  
  12ed5c845c0b5818c5e7a6c5ff14d007ab50d546
- SHA256
  
  8473acde4d3267b07e41f8eacdda17761b2a0d828d3a7cbaeab2bcab304d250f
- SHA512
  
  3999294178e5b66961a372d43e0e3d978c79b0375fefe1eca22cfd92dec6c4f8382ad558472147702b5fd1e28decf8e2f328df6c4b2c7c5196c35922b9aec313
- SSDEEP
  
  12288:1u5+hCo1m1HOPDq2Owbfjkx0ZkYLt9VkrefM:1e+11m1HOrZbfjpkYLt9erefM
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan