General

  • Target

    c7d414e77ad789881f7313d2de7fcac8cfbdf1c87f24537bb923247715cef47fN

  • Size

    1.0MB

  • Sample

    241015-wbhhyasbqm

  • MD5

    13bcf63dff44ab074142d1c1af63a180

  • SHA1

    0a27a9bd90eaa91ae3020e2e594d0122452a1301

  • SHA256

    c7d414e77ad789881f7313d2de7fcac8cfbdf1c87f24537bb923247715cef47f

  • SHA512

    98df47bbca839f25a8d843f7901d487807ab84c442ed65d7f1f276e1055443b0a3da70e768477c506dea60adc5fe5a58fcef55effc341643158a93e446948613

  • SSDEEP

    12288:vRIycEf7Dqq43tg452FUcGXSztkNslsZxoh+evr3lYvgQoovFMqHLj07nyAeuLcg:vRIycEf7t33CiqfUnkU9cquD

Malware Config

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks