General
-
Target
f014c3c7f1b1d9b831fcd81ab97a7508b6f5b1c290f1bd4b7aeaea2657998bc6
-
Size
698KB
-
Sample
240915-c9l48ssapj
-
MD5
5588995bafbfef1866fb110db534239a
-
SHA1
64a06074f98c6b0d103f2c6849768aa3ef5f4a59
-
SHA256
f014c3c7f1b1d9b831fcd81ab97a7508b6f5b1c290f1bd4b7aeaea2657998bc6
-
SHA512
ab6de29b94def87fa2faee4a3a25b647400c9d5e14f604f0cb20b9db375ddd308375f16d14d1bce799c078890abef99c579dc850e7687e3dedfb7f7f1214bf95
-
SSDEEP
3072:Y2JN+n6fW/m4mwp+P+GP2PnP4gfpHPxARHIPAIh1+P4PVoguv+OWRvp5XWe45GQf:Y
Static task
static1
Behavioral task
behavioral1
Sample
f014c3c7f1b1d9b831fcd81ab97a7508b6f5b1c290f1bd4b7aeaea2657998bc6.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f014c3c7f1b1d9b831fcd81ab97a7508b6f5b1c290f1bd4b7aeaea2657998bc6.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
f014c3c7f1b1d9b831fcd81ab97a7508b6f5b1c290f1bd4b7aeaea2657998bc6
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)