General
-
Target
3065acfbbf6e00ca7a43132ac13a91c755e98e0b75b0aa844d7a877e6e366ecbN.exe
-
Size
930KB
-
Sample
241201-v1d2daxjhv
-
MD5
7629995fef4ead652941d6e16073bb10
-
SHA1
8b23f79a85cb1917a4d9bddf3e040c5686cf1a1c
-
SHA256
3065acfbbf6e00ca7a43132ac13a91c755e98e0b75b0aa844d7a877e6e366ecb
-
SHA512
b10a4daff7b05c527ee7d72448016ed46a964d886d016986df99aa3ea90c0e42f185384aacec9db0f1720d0a56deb80d907d23680ce20fe4aabda426dc409f2f
-
SSDEEP
24576:lyx6q7OtSIZM98utO/MMEApCahAtcg6Zld6BbfZ:Ax17tUMO/MMtlA+Zz65fZ
Malware Config
Targets
-
-
Target
3065acfbbf6e00ca7a43132ac13a91c755e98e0b75b0aa844d7a877e6e366ecbN.exe
-
Size
930KB
-
MD5
7629995fef4ead652941d6e16073bb10
-
SHA1
8b23f79a85cb1917a4d9bddf3e040c5686cf1a1c
-
SHA256
3065acfbbf6e00ca7a43132ac13a91c755e98e0b75b0aa844d7a877e6e366ecb
-
SHA512
b10a4daff7b05c527ee7d72448016ed46a964d886d016986df99aa3ea90c0e42f185384aacec9db0f1720d0a56deb80d907d23680ce20fe4aabda426dc409f2f
-
SSDEEP
24576:lyx6q7OtSIZM98utO/MMEApCahAtcg6Zld6BbfZ:Ax17tUMO/MMtlA+Zz65fZ
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1