General
-
Target
d3974baab54052b2092c963d186c79f6e74aecfde88e795d7396b6131e7a69a6
-
Size
429KB
-
Sample
240831-z2gacawbpl
-
MD5
85364bd76643b27950b4425e769b0ebd
-
SHA1
82696376db8e08c6f8b0e2f4dd206246d0c2d1c0
-
SHA256
d3974baab54052b2092c963d186c79f6e74aecfde88e795d7396b6131e7a69a6
-
SHA512
54a35424dd56d1c100285f42949b3285b51d74842d015b485c743bb332a906c137c1c0b7d6d85c452dcea819dfe3419ac7b907312b3c9916012cf7775cc8b63a
-
SSDEEP
12288:bpWzDRuHTKppYP8/RC84MYkPpcou/MgvN4wBxdeC:FWEjP8QBMYcOb/MgvN4QF
Static task
static1
Behavioral task
behavioral1
Sample
e83b309cc0449fd5467af9deae5ab1a96eb3dfdd79db1033606927690f500a95.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
e83b309cc0449fd5467af9deae5ab1a96eb3dfdd79db1033606927690f500a95.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
e83b309cc0449fd5467af9deae5ab1a96eb3dfdd79db1033606927690f500a95
-
Size
812KB
-
MD5
f518b92181d577f065d37a5bea8ece21
-
SHA1
f950f55f056010057c8fe427728a5a3a11320deb
-
SHA256
e83b309cc0449fd5467af9deae5ab1a96eb3dfdd79db1033606927690f500a95
-
SHA512
efaa4ab64b15ca198ee66d9f03ec38777dd61e7c82a6f35d5de2b97fadcffac52094772a428d4cb810524567c16a03e89b120fa127a46185629a01331f6d86fc
-
SSDEEP
12288:MlEp2n8+8EUo+t3Jayk94TYDGD1LVVOuJ5Jyw2P00RYun7OlHPLf5zPDKg5V1/I:Ml0+sBXDJj7u7O9PZDKg5fQ
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Defense Evasion
Impair Defenses (1)
Disable or Modify System Firewall (1)
Modify Registry (1)