Extracted

• • Target

    0CC7D034E9B01B5F02D0843E62C5CE0C79DC380FC3C12.exe

  • Size

    355KB

  • MD5

    23fb23c32c346850115102c7c51d59a0

  • SHA1

    10d8d48501447675facadf07a656aaa9668cad5a

  • SHA256

    0cc7d034e9b01b5f02d0843e62c5ce0c79dc380fc3c126be71c8ad31ab8acad6

  • SHA512

    8b0bd3919f9d122b02e21e33569b391f2fecb015a3a766f3c551fb9a3d2c9f8d0a5273a79532295744a0038f519a31bd0be95bdf24f0f83ce605ff43c3496f1c

  Score

  10^/10

  njrat1evasionpersistencesuricatatrojanupx

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    suricata

  • Creates new service(s)

    persistence

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Stops running service(s)

    evasion

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Loads dropped DLL

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  behavioral1behavioral2