Overview

overview

10

Static

static

9334376013...f4.exe

windows7-x64

8

9334376013...f4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9334376013cec7d63bae23f99e5c0ffb26f2e9b9730e74495b4000725cdd6ef4

  • Size

    917KB

  • Sample

    221127-swt6pagg22

  • MD5

    6013b5dc4191ef309bce14e29d44f835

  • SHA1

    01f0b39f373f146f7af7305fa4fed3fd5d68a00b

  • SHA256

    9334376013cec7d63bae23f99e5c0ffb26f2e9b9730e74495b4000725cdd6ef4

  • SHA512

    d2f1a0e8b99140bff02d0c2021953c51b57268644ce342e428253c12ed4429b3bac5d2222d0023180be65ceb32dbb25576a114186200142bf9905cc26022138f

  • SSDEEP

    12288:b3bnX5kaPSU53TqdpA2L1/CpCD37qByX18ENW8sO/dsKQJFmgdX2Dg+ZEDp8pppF:btGL9VFX1FW0FLgX2Dg

Score
10/10
njratevasionpersistencetrojan

Malware Config

Targets

    • Target

      9334376013cec7d63bae23f99e5c0ffb26f2e9b9730e74495b4000725cdd6ef4

    • Size

      917KB

    • MD5

      6013b5dc4191ef309bce14e29d44f835

    • SHA1

      01f0b39f373f146f7af7305fa4fed3fd5d68a00b

    • SHA256

      9334376013cec7d63bae23f99e5c0ffb26f2e9b9730e74495b4000725cdd6ef4

    • SHA512

      d2f1a0e8b99140bff02d0c2021953c51b57268644ce342e428253c12ed4429b3bac5d2222d0023180be65ceb32dbb25576a114186200142bf9905cc26022138f

    • SSDEEP

      12288:b3bnX5kaPSU53TqdpA2L1/CpCD37qByX18ENW8sO/dsKQJFmgdX2Dg+ZEDp8pppF:btGL9VFX1FW0FLgX2Dg

    Score
    10/10
    evasionpersistencenjrattrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks