Extracted

• • Target

    1da2f65a4c1f57b90fa065ee82287e5b.exe

  • Size

    3.5MB

  • MD5

    1da2f65a4c1f57b90fa065ee82287e5b

  • SHA1

    18a9fe1baa48490cc36500f0a2cb55da28dc5377

  • SHA256

    e78920978425db126e160c542a0d61172f5805efb238b50e964d523baba1ef14

  • SHA512

    8345643fdcbe74cf90237c7e860ce584d0246c8ddb3a3be726c9ad855db5157ad588ce25d00655ce093a1703d2f1c9067c5344d3543a7cb28459626825a4fe5e

  • SSDEEP

    49152:U/Sok+OKQUADbH8wYpT2IQ5nKIrKwpt0dmCnlg3VdStsQ:Uy7U25XIkVFclg3VdS/

  Score

  10^/10

  njrathackedevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  behavioral1behavioral2