Extracted

• • Target

    6290f4f614acabcfab28a0bc2a86e1e7394ebecafc567389690b96489288c633

  • Size

    155KB

  • MD5

    0b8e7fd231db3a3e757b61a9703e9700

  • SHA1

    fbbc470fd85d4cf37723799c1715a592ee154c27

  • SHA256

    6290f4f614acabcfab28a0bc2a86e1e7394ebecafc567389690b96489288c633

  • SHA512

    940cb0e6f55a90b3a2035dc1ab4415ffa007da8bdbf7161b71264be67db6c84d8c8cc9569e3a75e382f5c6f2c9067d1cfc1cc8639e0d6e0d4eb458a4f37441f2

  • SSDEEP

    3072:Yf50dqfOSGoskyIjqSpaHR2m6fHaa2o+UtCbC:Yx0oOksijXAVb

  Score

  10^/10

  njratmrtrojanevasionpersistence

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2