General

  • Target

    activator.EXE

  • Size

    614KB

  • Sample

    240413-rrqr2aea99

  • MD5

    e1ca7a609027fa33081ccf5f22bedd6c

  • SHA1

    59aeb5c2e12be9f7cce24604c0c5830590c80603

  • SHA256

    4de3e7bb2099b0d25d483d8ec3e0e8976d4cec3ba2f9d49709785f3ff1211498

  • SHA512

    768f8549a75fcba4c778017a761372a4bdec877a6fd11f33367235711d05e54f804e764580c919d7ff269b434add69c357b5d5afe7dc37d5ca35de2ce7d3f05f

  • SSDEEP

    12288:ebDo7YNQ62YcKify3iNk+eoTYwhK7kOOnSr3/35ellbLdx6hw9Bz7:UcwQBsiK30eoTYwhbhnQ3v0lP9B

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger
