General

  • Target

    Client.exe

  • Size

    157KB

  • Sample

    240530-qb4taahe7x

  • MD5

    2560eaeea2f78be73934dff77dc21115

  • SHA1

    47da9e0270fdd3c762dcb371614eaf4ff67add03

  • SHA256

    c5bbe1f75d15903b38f0c1e944b8205dcbbb8033206b22921ad90bc64b0699e6

  • SHA512

    5ac9af16716e2e9ffa1cec0f74f273468789caf157ddfe7cbf20e6efdf03ad5f0c86d46bf8944c15a79c8d890ec4f683a9c4758c44c3ce5a5f0d3915f9fe977c

  • SSDEEP

    3072:CISoucNzBhW8cKaf7uWQOPodew6FPudZjbahd1P+Aw+RMqgZ:YK5cKsK/jdew6xulbaP+ug

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application
