General

  • Target

    e565047d34c8bae13cc7505f373f4e559c2911b09ec01e91def5e34f13084cb6

  • Size

    1.0MB

  • Sample

    241009-x856yasdmr

  • MD5

    a12fd3e3505773c5d150ab354c44b541

  • SHA1

    a4b245b906b02f3197b03d9d3db0d5b6426efbfd

  • SHA256

    e565047d34c8bae13cc7505f373f4e559c2911b09ec01e91def5e34f13084cb6

  • SHA512

    696bdb4d94650d1b5f63d18903f586aed33dfb99b90eff43ea69f33047d4218a49fb5e6050da66cd0370a575d3c4cc71178fb0af89a6f5d5ecc432b5352084c4

  • SSDEEP

    12288:MDLRHNPMFlWZyHYz0oQfcMS+nnTgeXKWb19sU2WCUQm+Ru/xvHb/JL:MBtPMPTWknU6jcYRHb/J

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application
