General
-
Target
4fff64c207d1d0ebe4073f120bb99720a90b79a8b9558e316f80b926c56ebf3b
-
Size
325KB
-
Sample
221128-wye2bsba9x
-
MD5
8bbb3b4c01554e0ff1a618554c067dc3
-
SHA1
294d26f917ed996c1f8aae3a57f723666cc49843
-
SHA256
4fff64c207d1d0ebe4073f120bb99720a90b79a8b9558e316f80b926c56ebf3b
-
SHA512
5454ae34b4bd6dfbe896a91a7d41197dcad048ed4b2aa8286dad5f2ed70fd41e5799815175aba059c4ca96997dd0e11ed30a48adb0f0486d7e656a560dab428c
-
SSDEEP
6144:XuIlWqB+ihabs7Ch9KwyF5LeLodp2D1Mmakda0qLcnSR51yB3l1G:e6Wq4aaE6KwyF5L0Y2D1PqLt5sBvG
Malware Config
Targets
-
-
Target
4fff64c207d1d0ebe4073f120bb99720a90b79a8b9558e316f80b926c56ebf3b
-
Size
325KB
-
MD5
8bbb3b4c01554e0ff1a618554c067dc3
-
SHA1
294d26f917ed996c1f8aae3a57f723666cc49843
-
SHA256
4fff64c207d1d0ebe4073f120bb99720a90b79a8b9558e316f80b926c56ebf3b
-
SHA512
5454ae34b4bd6dfbe896a91a7d41197dcad048ed4b2aa8286dad5f2ed70fd41e5799815175aba059c4ca96997dd0e11ed30a48adb0f0486d7e656a560dab428c
-
SSDEEP
6144:XuIlWqB+ihabs7Ch9KwyF5LeLodp2D1Mmakda0qLcnSR51yB3l1G:e6Wq4aaE6KwyF5L0Y2D1PqLt5sBvG
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-