Extracted

• • Target

    72CA3E2F8479A075C8E089F543F79C4F1CF868D66D327.exe

  • Size

    37KB

  • MD5

    70aca878bfaac1eaf7019eddd97fc877

  • SHA1

    4997c055b582c71cbb3863c9523986b51a339797

  • SHA256

    72ca3e2f8479a075c8e089f543f79c4f1cf868d66d3272b2e6b0f0fded1bdb60

  • SHA512

    17bedcd516ba8f18b5e4d8a2a8c9d1b6e95be2158d654b3b15fe2d379cdce682c609801e1b5c01487fa732ef1591d7cde1460448ffd4ffe8a50f6c3c82cb36c2

  Score

  10^/10

  njrathackedevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  behavioral1behavioral2