General
-
Target
eb09b1428d18d3c19dfe2cd67a39aef3b56f9fdb26c103c1ac324cf6c32a5659
-
Size
1.3MB
-
Sample
221130-xx1gbaba3y
-
MD5
65e4e35648c5e3420042efa9e030baca
-
SHA1
c1f807321a76dbe893d9f99c20e7934b19208490
-
SHA256
eb09b1428d18d3c19dfe2cd67a39aef3b56f9fdb26c103c1ac324cf6c32a5659
-
SHA512
fdfdfc8540af42861f301c1082bc168de264d74edb2897e2771ba011a0fd2b58af1358ece312670dcc1a00dbc78facb9056086225b8b07d0e6be01967b75e42d
-
SSDEEP
24576:n82orkRP/V1ep7sef8xffmTFOvr6Xiwf/PR8wsF42nSYLS/8WLl9:82o6/q1sef8xfWFOveLf/aFlSYO/3
Malware Config
Targets
-
-
Target
eb09b1428d18d3c19dfe2cd67a39aef3b56f9fdb26c103c1ac324cf6c32a5659
-
Size
1.3MB
-
MD5
65e4e35648c5e3420042efa9e030baca
-
SHA1
c1f807321a76dbe893d9f99c20e7934b19208490
-
SHA256
eb09b1428d18d3c19dfe2cd67a39aef3b56f9fdb26c103c1ac324cf6c32a5659
-
SHA512
fdfdfc8540af42861f301c1082bc168de264d74edb2897e2771ba011a0fd2b58af1358ece312670dcc1a00dbc78facb9056086225b8b07d0e6be01967b75e42d
-
SSDEEP
24576:n82orkRP/V1ep7sef8xffmTFOvr6Xiwf/PR8wsF42nSYLS/8WLl9:82o6/q1sef8xfWFOveLf/aFlSYO/3
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-