Extracted

• • Target

    dddc091c8487059bd86dda84f7ba5f898b702646b689b6b5821fb48056a1e438

  • Size

    33KB

  • MD5

    802e87744c7f10f02b58807d6ed20ae0

  • SHA1

    4ad7765d0f36d7a27066dbf68a3062fdbf90c503

  • SHA256

    dddc091c8487059bd86dda84f7ba5f898b702646b689b6b5821fb48056a1e438

  • SHA512

    ec0b84ef45fa28c21900bdeae8618d69c44beff63f34b1423edda0913213b3f0f62a313786620f93d67e8e0bb0a543eef4197466d9134717e5aeea1041fdea1c

  • SSDEEP

    768:rgnXtUSqGDsASBqu9kIG8G3S7o89U/fqOp/1SygSM:Mnd6puIDOud9ip8ZSM

  Score

  10^/10

  njratlakhalevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2