General

  • Target

    e02e5802bacccd459b9891b49146b4c24703da9397d49a16ada35c329651252bN.exe

  • Size

    9.2MB

  • Sample

    241123-p3rgla1nhp

  • MD5

    b6abda2d4b24cef28f9c2b62731fcfd0

  • SHA1

    fdf3ae0bec83c2ec7d4e2883fc770e553b782a3d

  • SHA256

    e02e5802bacccd459b9891b49146b4c24703da9397d49a16ada35c329651252b

  • SHA512

    7e0f0835f7ce0d5fddfcd785ece05aff91f87fd6b95fce1b73c3464102af644a8e500338f5f1e75c648ee2b666089ab19350932a990f3cb9b2009bbcbfd721c2

  • SSDEEP

    196608:z6/u1LqqyReuuQt8k9BAXbdV9qWLk/YrNcONQl4Ik+B8I4GA81G+LNaK:z6/58EBOXQ/YrN+l4IY5G19a

Targets

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Modifies Windows Firewall

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Hide Artifacts: Hidden Files and Directories
