Extracted

• • Target

    6f28523042f4cb7882fc7a586730a5747437700be0e75673dba9c6a63e92430e

  • Size

    105KB

  • MD5

    494427ec6ad02d5ce45935c166c0d0f0

  • SHA1

    f2046741e3245550c438a078238e820f6bf142b2

  • SHA256

    6f28523042f4cb7882fc7a586730a5747437700be0e75673dba9c6a63e92430e

  • SHA512

    4db1491c4ebd9e5b6bb5f7df6687689b054e4a9b9b3799be6a8ef23dfc8a9bb3ff2d5f1c4eaeb26a21c76682518688bd509777ea8f833b11acc0c78f994c2229

  • SSDEEP

    3072:QaLFrswt4gAWi//1/8gVmedQ+x47VmoXocrV:QaxswBAZ/VJmV

  Score

  10^/10

  njrathackedevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence
  behavioral1behavioral2