General

  • Target

    BOOSTS BY KAYAN.exe

  • Size

    8.7MB

  • Sample

    240429-ys1f7abg21

  • MD5

    31f80ef556ba9387303a4397f9aacfb9

  • SHA1

    ec01b187b3096b158892418d2f56c7a01bd0b242

  • SHA256

    07fd4f6057097522e4c61053a12af6902612971a851217128ed164939bbe2d6b

  • SHA512

    5bbcf1695f507992d964727a8344e61ec60f59c449c3a0b420b30a2f361318ba302575452250bca88d32ffa89e188a4036809a4b35416583d2293d48ba2c1a25

  • SSDEEP

    196608:LOMuExEVzpfLUn3oQj4GXkPrTFTrBKBxKnM1EgZocg:LOVVUnWrpTQ0M17o3

Targets

    • Target

      BOOSTS BY KAYAN.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
