General
-
Target
534a46e4d4b274dfd5366ceba0e5ce88
-
Size
339KB
-
Sample
240111-mnp9wafaa4
-
MD5
534a46e4d4b274dfd5366ceba0e5ce88
-
SHA1
425805bb6f46b4496cd8234c8fb34c420f62f9a1
-
SHA256
1223f6a7ef9f4838631c9640c9552c66d61023283711f7e9b63b4d59014a0014
-
SHA512
53a88fa01aa85c0b174856ac4c5414053d9f774764920d5d32f82354e366014f636d85add9acabe13f7034139a1732ece045d782dfd70a80e58f4b49ddfb9849
-
SSDEEP
768:LevMNOunYSLjLEOHEn6fM1kF8amfIT3r5Wn/wZLkne43tgem4Kgo:ivA3LBixaZTdM/+gneGa66
Static task
static1
Behavioral task
behavioral1
Sample
534a46e4d4b274dfd5366ceba0e5ce88.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
534a46e4d4b274dfd5366ceba0e5ce88.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
534a46e4d4b274dfd5366ceba0e5ce88
-
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)