Extracted

• • Target

    211325afecc4756847d5964f312e0a56.exe

  • Size

    1.1MB

  • MD5

    211325afecc4756847d5964f312e0a56

  • SHA1

    c3479dcf0edf80bf3549c63c403e0b6c2d38e1dc

  • SHA256

    1cc62bcf5d8ec1beb8d7414e95aac964b31d0fcdca01f5dabfbd979ba7f44ad9

  • SHA512

    4baa3170c5d2462f48912b201493ea1c938aa8d946b9578543035e8592196c83fce4a15f0f7233e25c6302a900b4e47cc7dd83594e7d06fdac3a93a220b1a9eb

  • SSDEEP

    24576:DRSs5A7kY+1Bk6BJsOIbBBp2XyHTiYuRLwOvIYtZ:DxA7d+1Bk6pI1BAyZuRLEg

  Score

  10^/10

  njrathackmine141evasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2