Extracted

• • Target

    e3c00f1e5dcb8e1f9b66014c4010cd316f07cf16505caf54cd5149fbdb99f079

  • Size

    83KB

  • MD5

    75d03a98794e91667ed93ae48a471190

  • SHA1

    bbe74d03aab61f27e1bed2a92977c512f4f257e4

  • SHA256

    e3c00f1e5dcb8e1f9b66014c4010cd316f07cf16505caf54cd5149fbdb99f079

  • SHA512

    14b04cb8dd486aeca81ca06b730c1746edfa9eaf91b86938556bfb1237f2a51a68c4145a5cd4f4e3d0563aaf5bbc87df9363e4f6f8fd7ae98478efe8dff3752e

  • SSDEEP

    1536:YJVPB0Vv8qG8A1D0U5DPnRoRP5/crancT6YgjYDUJKGYE6hCQ1X5:YJoUqGrD9dnRop5/Z+6Y2tYE6hV

  Score

  10^/10

  njrathackedevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2