General
-
Target
be6230aa134cc4170d227a8bb79ee3ebb906b9a4281808369d07e224daefbd95
-
Size
1.4MB
-
Sample
240923-xqcfxa1fkf
-
MD5
912148d711e9034409cee775b4a3ed4a
-
SHA1
7fb4201413ca87c17cc896862a4e22e8aef0dda6
-
SHA256
be6230aa134cc4170d227a8bb79ee3ebb906b9a4281808369d07e224daefbd95
-
SHA512
e82b4f0581864a1c05453e841453143c4a6d1636aca6b04b6fbd30a821667a8067973a778640f889c6000c311c2b10309a1bcfaf11730dc4cb105f728c198313
-
SSDEEP
24576:yFU+Az4c5BPIPooHdgCLhjPVRa5YAEye7ffWNQdQhP6uQ4vyg2+sQMFaTS:JT4P3HdfLhx45YV7nqQdavQaMQS
Malware Config
Targets
-
-
Target
be6230aa134cc4170d227a8bb79ee3ebb906b9a4281808369d07e224daefbd95
-
Size
1.4MB
-
MD5
912148d711e9034409cee775b4a3ed4a
-
SHA1
7fb4201413ca87c17cc896862a4e22e8aef0dda6
-
SHA256
be6230aa134cc4170d227a8bb79ee3ebb906b9a4281808369d07e224daefbd95
-
SHA512
e82b4f0581864a1c05453e841453143c4a6d1636aca6b04b6fbd30a821667a8067973a778640f889c6000c311c2b10309a1bcfaf11730dc4cb105f728c198313
-
SSDEEP
24576:yFU+Az4c5BPIPooHdgCLhjPVRa5YAEye7ffWNQdQhP6uQ4vyg2+sQMFaTS:JT4P3HdfLhx45YV7nqQdavQaMQS
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-