General

  • Target

    bfc4b4deeb63752021f0c5ab3f131998057eeedf432c9c2ff747007be89300feN

  • Size

    1.4MB

  • Sample

    241014-wr28aaserp

  • MD5

    1280141ffb881e94d9583f4590e44350

  • SHA1

    34760e79481085994ee8391e6ae0f49fe8cc3359

  • SHA256

    bfc4b4deeb63752021f0c5ab3f131998057eeedf432c9c2ff747007be89300fe

  • SHA512

    1b44624ca3976ee45a04612d2ce315fdbe0c010c8d9d494dce8ad35bbc0b95118e72f4fd229ef6aa167505afd4a7d266a23323a1cfc2d77371ce23b8c6c89418

  • SSDEEP

    24576:nEeqQq3KZU+f1nqBYHNhRkfUdalyOHUgf6iXzAJx2KkGtSHgqLsvr2:nEuq6xf1nnHNXkfU0lynZiDAJx2rGEA8

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger
