Extracted

• • Target

    9a83a23179a1d53e423ad52a61b66aca0b9112e582b5d231552a5d4f3ee296a5

  • Size

    160KB

  • MD5

    443e5df2d963a673d289b6b0deb0a9c0

  • SHA1

    b60b77e98139d5dc4ba43232dc523c181b7657cd

  • SHA256

    9a83a23179a1d53e423ad52a61b66aca0b9112e582b5d231552a5d4f3ee296a5

  • SHA512

    12c50bbd985787dba95a2a5b8aa87897848febe73306c936308299b0b46299ad07aa0edf160d711494a0d1baffbd589462f903c6b7ee4d3bfb2732f987a01ce5

  • SSDEEP

    3072:zgV1A29P+LOinkwb23uKHa31l9b9Qzywvt5mBSMu+aZsVSLy9DGGGG/GGGLJ:29PyO3n3BS7LQHFQBfu+aZsVSLy9DGGq

  Score

  10^/10

  njrathackedevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2