Extracted

• • Target

    A81N2M36CINV0ICERECEIPT.exe

  • Size

    679KB

  • MD5

    ba79aabe98bf01d3f35359a9332be48f

  • SHA1

    0dbca5bfa445fca16f31bddfe3be23b1a41a80c0

  • SHA256

    0a9d287a3539c979a8c215ca003ca35293c324644e2f2c4dc3a38b4c7f9fa143

  • SHA512

    ad16e94537e80d6a185c6be021eb3b459e204fcc424366d89b222849f60ba00478335a036e66c197609f9a77161b093f7240c7ef1d699ff842fd9289d6e828d3

  Score

  10^/10

  njrathackedevasionpersistencetrojan

  • Windows security bypass

    evasiontrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • Modifies Windows Firewall

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Drops startup file

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2