General
-
Target
CalamityGenV3.EXE
-
Size
50.1MB
-
Sample
240528-qpbpnagc59
-
MD5
ed9a95e87972a35e79e4fc06fd0389c4
-
SHA1
67534af35890728064d313af856e0b763cd441da
-
SHA256
e0b81ce21a37cbd4db6f46e4e381ce0961fb8446a064a9a21e0565ea2789123c
-
SHA512
4616f2a668413eadc6d94614b8443eb7dc426782fa939e0e370f7c62cb99ce76a7694a59f2269bb65c755a927cd28be32b2c3b304413396a2d5fbaa4e835f512
-
SSDEEP
1572864:pk+ke0Hplv8Bu7gyitmtcKM72/txwBTSYStEm:/H0JlvM0gp0+TUtEm
Malware Config
Targets
-
-
Target
CalamityGenV3.EXE
-
Size
50.1MB
-
MD5
ed9a95e87972a35e79e4fc06fd0389c4
-
SHA1
67534af35890728064d313af856e0b763cd441da
-
SHA256
e0b81ce21a37cbd4db6f46e4e381ce0961fb8446a064a9a21e0565ea2789123c
-
SHA512
4616f2a668413eadc6d94614b8443eb7dc426782fa939e0e370f7c62cb99ce76a7694a59f2269bb65c755a927cd28be32b2c3b304413396a2d5fbaa4e835f512
-
SSDEEP
1572864:pk+ke0Hplv8Bu7gyitmtcKM72/txwBTSYStEm:/H0JlvM0gp0+TUtEm
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1