General

  • Target

    New Project 1.exe

  • Size

    5.3MB

  • Sample

    250122-xz3dpasjgl

  • MD5

    b6f0198be0dd6b37cae764d9a969366e

  • SHA1

    aa8d5622aea5a0024f54d70f873fb3e8d32bfa13

  • SHA256

    49799902857cfb628defc1c4af547d271b368814642204fbfee93e642c4b50bc

  • SHA512

    92da3f546e5435cda93fd910c9e294849b67ebfa941d7522efc50f38aa04c9510378f66387eee404c11ff60d1b5cab51bd16cb5186476965ca5fd891035cc513

  • SSDEEP

    98304:aj2Q5odAGY95wpWB8GHfHSw5h8mO05cVlOqV1Kmw9m:Q1ipWqG/N5TRqfKmw9

Targets

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
