General

  • Target

    hostr.exe

  • Size

    105KB

  • Sample

    241011-sa37gatanl

  • MD5

    5a559b6d223c79f3736dc52794636cfd

  • SHA1

    5c4676b37fcd49990d21960a2df57af72ceef29a

  • SHA256

    6f201afc797370ac6e33fafec41a794a2eb44c1bfd7d9079e3633ebe7bbb41e1

  • SHA512

    7a12510fe2104a1860bccdd12d96449eb8b02e30f9757bf3fbb4aef3373c710afbaef380ad7f4b1f9fa8129d8bdc096b8f16cb6b1aada0495dba80db33fb9ce2

  • SSDEEP

    1536:aDYEasJqkUssXOcfaAJzYU4r/1CbSYlIePDVFkhgIJZH:aasJjUfFOderYRH

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Drops startup file

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
