General
Target: 5ce0e5243691b94f82a7542be0e53243.exe
Size: 1.1MB
Sample: 250224-3sayravnx7
MD5: 5ce0e5243691b94f82a7542be0e53243
SHA1: 90ee1a7d39a907c0818aabc87a07de90d3a73958
SHA256: 24a6454cbfebd84b0cfb7d0fc0ec2c7f55bd1c9c58a885149dac151d3c5f02f3
SHA512: ce899bd04209c28b9e7aa3b31b75ff1620bde39470f02f902de67d3a2a8c989d37e635e3e01a631f15ea2e7fbf243b3d1172d154f7acd836abd86a68f5a76dce
SSDEEP: 24576:v0Pzhh+oPYTreyJrpBpyq/l5eXcdzURv/fjRUqH/XnOKtyK:cnbsJBt5shnfFUqfXnOKty
Static task: static1
Behavioral task: behavioral1
Sample: 5ce0e5243691b94f82a7542be0e53243.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 5ce0e5243691b94f82a7542be0e53243.exe
Resource: win10v2004-20250217-en
Malware Config
Targets
Target: 5ce0e5243691b94f82a7542be0e53243.exe
Score: 10/10
- Njrat family
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)