General

  • Target

    8a3d16ad0751e822074dbb1eb070a8f9

  • Size

    367KB

  • Sample

    240202-w6smdsefgp

  • MD5

    8a3d16ad0751e822074dbb1eb070a8f9

  • SHA1

    e3b2123acf8db847941fbed821eb01781a99d675

  • SHA256

    b2dbd19e850e5a0fbe89a4757f86ade69a446c15a1f2c0eae7ad924093537be7

  • SHA512

    5a567dd8eefeacdf704e65d7df913df5a25062f0f3039060e6e52166258e5198fac7e1ac972e96bf5391b4667752e4506f091b10a2c54f4315b077ffe64b795c

  • SSDEEP

    6144:+i2bgbbOcmqv4zXvl74wwNAkVZzjkQBUdXQb6THHbVlpqiGkAVT2okl3BTwNAkVS:+ngbbOzqQzTwNLVZzIQqTHbVlrGJVKoI

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
