General

  • Target

    0e29fe7841d99a746c601d9a9ff393b555177ad17c2d2d99319067c52c891f54N.exe

  • Size

    95KB

  • Sample

    241219-2yblsssqdn

  • MD5

    ebeaca1811d01b7d143bd1b35d67d0f0

  • SHA1

    9c51bce73607d48ed8c783a8d666ea06b8ff1a32

  • SHA256

    0e29fe7841d99a746c601d9a9ff393b555177ad17c2d2d99319067c52c891f54

  • SHA512

    1d754f69d1738f766c7f46918675ea3a364a48be43f80c80cb1072b7d22c7618349e210d6cdce8b667687c59a6cd1a14ba8056258e9709f6cc25e3de1f81839e

  • SSDEEP

    1536:spBYfgR+0vLUJ9qVcysDE3PS8jApI9Yo1D03BD6nFNSXBUx2imHq2ilP/m6LFEfB:sEoRTLUJQKNpV0DuONbtmHolP/m6LFEZ

Malware Config

Targets

    • Target

      0e29fe7841d99a746c601d9a9ff393b555177ad17c2d2d99319067c52c891f54N.exe

    • Size

      95KB

    • MD5

      ebeaca1811d01b7d143bd1b35d67d0f0

    • SHA1

      9c51bce73607d48ed8c783a8d666ea06b8ff1a32

    • SHA256

      0e29fe7841d99a746c601d9a9ff393b555177ad17c2d2d99319067c52c891f54

    • SHA512

      1d754f69d1738f766c7f46918675ea3a364a48be43f80c80cb1072b7d22c7618349e210d6cdce8b667687c59a6cd1a14ba8056258e9709f6cc25e3de1f81839e

    • SSDEEP

      1536:spBYfgR+0vLUJ9qVcysDE3PS8jApI9Yo1D03BD6nFNSXBUx2imHq2ilP/m6LFEfB:sEoRTLUJQKNpV0DuONbtmHolP/m6LFEZ

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Stops running service(s)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

MITRE ATT&CK Enterprise v15

Tasks