General

  • Target

    774c71b2ad63aca17ec16edd78daaa81

  • Size

    92KB

  • Sample

    240126-n51mlseebl

  • MD5

    774c71b2ad63aca17ec16edd78daaa81

  • SHA1

    9cc5439d98be8b02020bbe573882dde00d6733ba

  • SHA256

    e96744aa5d4cab806adce97c34e79b44dd9e3ac4e2dead015d307c59fdc33607

  • SHA512

    36ba22645ab82d34f474ff30997fbb049711b672b0f255386361d76251fcad54a752947998ec82dbd83a0c740da4067066d44d885603b88efdc61fe33438e8e2

  • SSDEEP

    1536:r+r18rOTkuiAz9L2jsLsS4OzTrdz5QLN7jqpwuZEaMbw6jy7Getez9zLRxSsRsHX:Y1rkuz2jsLUO5lQR2G0n6+a5zG6UV

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
