Overview

overview

10

Static

static

3

be6230aa13...95.exe

windows7-x64

10

be6230aa13...95.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    be6230aa134cc4170d227a8bb79ee3ebb906b9a4281808369d07e224daefbd95

  • Size

    1.4MB

  • Sample

    240923-xqcfxa1fkf

  • MD5

    912148d711e9034409cee775b4a3ed4a

  • SHA1

    7fb4201413ca87c17cc896862a4e22e8aef0dda6

  • SHA256

    be6230aa134cc4170d227a8bb79ee3ebb906b9a4281808369d07e224daefbd95

  • SHA512

    e82b4f0581864a1c05453e841453143c4a6d1636aca6b04b6fbd30a821667a8067973a778640f889c6000c311c2b10309a1bcfaf11730dc4cb105f728c198313

  • SSDEEP

    24576:yFU+Az4c5BPIPooHdgCLhjPVRa5YAEye7ffWNQdQhP6uQ4vyg2+sQMFaTS:JT4P3HdfLhx45YV7nqQdavQaMQS

Score
10/10
njratdiscoverypersistencetrojan

Malware Config

Targets

    • Target

      be6230aa134cc4170d227a8bb79ee3ebb906b9a4281808369d07e224daefbd95

    • Size

      1.4MB

    • MD5

      912148d711e9034409cee775b4a3ed4a

    • SHA1

      7fb4201413ca87c17cc896862a4e22e8aef0dda6

    • SHA256

      be6230aa134cc4170d227a8bb79ee3ebb906b9a4281808369d07e224daefbd95

    • SHA512

      e82b4f0581864a1c05453e841453143c4a6d1636aca6b04b6fbd30a821667a8067973a778640f889c6000c311c2b10309a1bcfaf11730dc4cb105f728c198313

    • SSDEEP

      24576:yFU+Az4c5BPIPooHdgCLhjPVRa5YAEye7ffWNQdQhP6uQ4vyg2+sQMFaTS:JT4P3HdfLhx45YV7nqQdavQaMQS

    Score
    10/10
    njratdiscoverypersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks