General
-
Target
5306d7ecaf0da530dc78430e89cf4600c6c5bd5030b33018934e5365c36e4866.exe
-
Size
1.5MB
-
Sample
250225-cxs21sxks3
-
MD5
5f37d210408c55b06f52b07c56b54332
-
SHA1
93419c92542b9e54d16daf6563bce75a922e1afa
-
SHA256
5306d7ecaf0da530dc78430e89cf4600c6c5bd5030b33018934e5365c36e4866
-
SHA512
0ccead69208996cfa5fc7941ba109694cc3a4963c6225a7311e0068cd1d087e615ff0f0b75b7ac05b30304684ab1738d94e5b074e40f1835b1d5985c2caf145b
-
SSDEEP
49152:+gqKIXzHU/CU0pLvA3XHjEJaqEOzudmnf:+zI/J6A3XHjERrf
Static task
static1
Behavioral task
behavioral1
Sample
5306d7ecaf0da530dc78430e89cf4600c6c5bd5030b33018934e5365c36e4866.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
5306d7ecaf0da530dc78430e89cf4600c6c5bd5030b33018934e5365c36e4866.exe
Resource
win10v2004-20250217-en
Malware Config
Targets
-
-
Target
5306d7ecaf0da530dc78430e89cf4600c6c5bd5030b33018934e5365c36e4866.exe
-
Score
10/10
-
Njrat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Scheduled Task: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Scheduled Task: 1