General

  • Target

    3aa2c676f88dc69b493d18a5da4a849186d335575abf3842fa5af567f2ce404eN.exe

  • Size

    500KB

  • Sample

    241217-ye4lpaxjbp

  • MD5

    8d99fd4b1b5a30d593fbf8691342c330

  • SHA1

    3da6189f17ecf7ee4b05298cf3da765a287b7dcf

  • SHA256

    3aa2c676f88dc69b493d18a5da4a849186d335575abf3842fa5af567f2ce404e

  • SHA512

    c7a9e57c41852fb26466bfbe40705074e2a66dc9682c06d215a480b40c76dacc8e2d3777b78e0919afb5e6544c1275f2a1f632cd5a020261046a6ff4e779360a

  • SSDEEP

    6144:os/C8LWBALoYVqgoaQpa1TJJhbGM0/TqdGqJ4UWB95CmdA3VN1lV:os7LWADXQpaTJON/TqZ+zzwVn

Targets

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application
