General

  • Target

    98beb11128477233f510135ca515e2daa0ecfd35b90992715c84a0faa71d7625

  • Size

    123KB

  • Sample

    241016-3f34rssfjp

  • MD5

    2120b66a2246d7661a980043ab82f05c

  • SHA1

    bb57a1ff817a59492a60fd5f61007a8e437197ec

  • SHA256

    98beb11128477233f510135ca515e2daa0ecfd35b90992715c84a0faa71d7625

  • SHA512

    255a3a45032dc744c95afa20a63f87b8714576fb1d7305d45a40f4501228489c740f56677aad88496bc470d2f3adc540b1448155813ec0639da1b5aee24cc6e5

  • SSDEEP

    3072:66/KF8sHs5WTjcCQmdsbGluHPxPhIH0j+2jCT:y/s5WVQJ5iZ2+T

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
