Extracted

Extracted

• • Target

    751f66bf226c6773d41ee1b16788dc509d64af36206785fd9edb39eaf6028982

  • Size

    1.9MB

  • MD5

    82cb908a68275e3bc35158b546323631

  • SHA1

    4ffe5f66cfc667df8a3acce200199b2a5419a281

  • SHA256

    751f66bf226c6773d41ee1b16788dc509d64af36206785fd9edb39eaf6028982

  • SHA512

    ada9b9053e0cf8ea3d2f5a581366792c2c90a2009c53319f0bb435b915d586beab4d4ae46ed6b51284dc0973cf69418a1c2ab2c2b90cab86afc8e35989dc4729

  Score

  10^/10

  nanocorenjrathackedevasionkeyloggerpersistencespywarestealertrojan

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    keyloggertrojanstealerspywarenanocore

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan
  behavioral1behavioral2