General
-
Target
73c9e10a57453a77c390efb9818dcac54926b012aa2bc4a88d319a1067f14e65.exe
-
Size
794KB
-
Sample
240228-vagdtagg7v
-
MD5
678f97d321682b010dfed3b72678d6ee
-
SHA1
af0f005bd2a69cb97b8dc2398db78fca9dfb594f
-
SHA256
73c9e10a57453a77c390efb9818dcac54926b012aa2bc4a88d319a1067f14e65
-
SHA512
9484c053694406750959df85967f32745ab2f664867c34dc3be42f721a3fa400343619db7d6175f57dd02b26b99cfaa2987da63c3c5ee94190e29e2e853ce14b
-
SSDEEP
24576:7RDE/UScR0XA1+SEyTAVf3H0kYlEmvvzgxm:1o/nXAzE13H/0Emvvzgk
Static task
static1
Behavioral task
behavioral1
Sample
73c9e10a57453a77c390efb9818dcac54926b012aa2bc4a88d319a1067f14e65.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
73c9e10a57453a77c390efb9818dcac54926b012aa2bc4a88d319a1067f14e65.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
Target
73c9e10a57453a77c390efb9818dcac54926b012aa2bc4a88d319a1067f14e65.exe
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)