General

  • Target

    ECB25B8ADF7F999FBA6245D362153FDB.exe

  • Size

    1.1MB

  • Sample

    240127-s1wv3sehg8

  • MD5

    ecb25b8adf7f999fba6245d362153fdb

  • SHA1

    b406b28ea8c548d9456704075f0eca1cae069d65

  • SHA256

    ebe160919d1646d96694de6a38b7ac570f1827dedb163174bee9253a7475dd54

  • SHA512

    168d62846ff9416c150e2606843b48353afba8dd4096a0b020d3fdf04b06b61d9ebd932c81474d75cd8ef27adbb6e68aa09357b552bef764fc4c3a4eef6ac9d0

  • SSDEEP

    24576:ytJvXP4qv3tj+kZKwkffUrUDzV+8a2sXICfxsBqieGD5B4S:ytlgqd3K9ZfV+AsYCfxfof

Malware Config

Targets

    • Target

      ECB25B8ADF7F999FBA6245D362153FDB.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the sample skips hosts in certain locales.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Drops autorun.inf file

      Writing an autorun.inf to the root of an attached volume lets the malware abuse Windows AutoRun to spread via removable media; modern Windows no longer honours AutoRun from removable drives by default, so this mainly affects legacy or misconfigured hosts.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, an anti-debugging technique that stops a debugger from receiving events for that thread; sandboxes flag it because it frustrates analysis.
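
The signatures above (firewall modification, Run key persistence, autorun.inf drop) translate directly into host-based hunting logic. The following is an added example, not part of the sandbox report or the njRAT code base: it runs three detections over constructed Sysmon-style events and correlates hits per process, so a host is flagged only when one binary exhibits several of these behaviours. Assumptions: event dicts mirror Sysmon field names (Event ID 1 = ProcessCreate, 11 = FileCreate, 13 = RegistrySetValue), the firewall change is made through the well-known `netsh firewall add allowedprogram` / `netsh advfirewall` syntax (the report only records that the firewall was modified), and the file paths and SID in the sample events are invented.

```python
"""Hunt for the njRAT-style behaviours from this report over Sysmon-like events.

Added example; the events below are constructed, not taken from the sandbox run.
"""
import re
from collections import defaultdict

# Constructed Sysmon-style events (assumption: keys mirror Sysmon field names).
# The dropped binary, the SID and the drive letter are invented for the walkthrough.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": r'netsh firewall add allowedprogram "C:\Users\victim\AppData\Roaming\server.exe" "server.exe" ENABLE',
     "ParentImage": r"C:\Users\victim\AppData\Roaming\server.exe"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Roaming\server.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\server",
     "Details": r"C:\Users\victim\AppData\Roaming\server.exe"},
    {"EventID": 11, "Image": r"C:\Users\victim\AppData\Roaming\server.exe",
     "TargetFilename": r"E:\autorun.inf"},
    # Benign noise: a user saving a document, and an admin querying interfaces.
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\victim\Documents\notes.txt"},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh interface show interface",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

# Legacy "netsh firewall" and current "netsh advfirewall" syntaxes for adding an exception.
NETSH_FIREWALL_RE = re.compile(
    r"\b(firewall\s+add\s+allowedprogram|advfirewall\s+firewall\s+add\s+rule)\b", re.I)
# A value written directly under ...\CurrentVersion\Run or RunOnce (HKCU or HKLM).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
# autorun.inf created at the root of a drive (where AutoRun would read it).
AUTORUN_ROOT_RE = re.compile(r"^[A-Z]:\\autorun\.inf$", re.I)
# Run-key targets living in user-writable locations are the interesting ones.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)


def is_firewall_exception(ev):
    """ProcessCreate of netsh.exe adding a firewall allow rule/program."""
    return (ev.get("EventID") == 1
            and ev.get("Image", "").lower().endswith("\\netsh.exe")
            and NETSH_FIREWALL_RE.search(ev.get("CommandLine", "")) is not None)


def is_run_key_persistence(ev):
    """RegistrySetValue on a Run/RunOnce key pointing at a user-writable binary."""
    return (ev.get("EventID") == 13
            and RUN_KEY_RE.search(ev.get("TargetObject", "")) is not None
            and USER_WRITABLE_RE.search(ev.get("Details", "")) is not None)


def is_autorun_drop(ev):
    """FileCreate of autorun.inf at a volume root."""
    return (ev.get("EventID") == 11
            and AUTORUN_ROOT_RE.match(ev.get("TargetFilename", "")) is not None)


RULES = {
    "modifies_windows_firewall": is_firewall_exception,
    "adds_run_key": is_run_key_persistence,
    "drops_autorun_inf": is_autorun_drop,
}


def responsible_process(ev):
    """netsh.exe is only the tool; attribute the firewall change to its parent."""
    if ev.get("EventID") == 1 and ev.get("Image", "").lower().endswith("\\netsh.exe"):
        return ev.get("ParentImage", "")
    return ev.get("Image", "")


def hunt(events):
    """Return {process image: set of matched rule names}."""
    hits = defaultdict(set)
    for ev in events:
        for name, pred in RULES.items():
            if pred(ev):
                hits[responsible_process(ev)].add(name)
    return dict(hits)


def suspicious_processes(events, min_rules=2):
    """Processes matching at least `min_rules` distinct behaviours; cuts single-rule noise."""
    return sorted(img for img, names in hunt(events).items() if len(names) >= min_rules)


if __name__ == "__main__":
    for image, names in hunt(SAMPLE_EVENTS).items():
        print(image, sorted(names))
    print("flagged:", suspicious_processes(SAMPLE_EVENTS))
```

The per-process correlation is the point: a lone `netsh` call or Run key write is common on real hosts, but one binary in AppData doing both plus writing autorun.inf to a removable drive matches the behaviour profile recorded above and is worth an alert.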

MITRE ATT&CK Enterprise v15

Tasks