Extracted

• • Target

    eeb241cbaeb8035f147c2d776531ce81e8c3037824a8cc7b338ac01c261748b2

  • Size

    1.4MB

  • MD5

    db0833bbdf05366179475429fb48346a

  • SHA1

    c40dd88898948630b8ab8c78b1c68afdcf776554

  • SHA256

    eeb241cbaeb8035f147c2d776531ce81e8c3037824a8cc7b338ac01c261748b2

  • SHA512

    92f726c3b4362287376554b13494d7a94371f7409ce315a38947e21a119392b716b37895c752550877f5dacb242ecd4e6d21be9acca9a637a68af1a590e450e2

  • SSDEEP

    24576:JFLjt/NTbdbzs7+3N5zXN2oRfpZFL/5wXKCyFOBsrvwqSvytsw/KaYUm97MaAgN3:DarTKM

  Score

  10^/10

  njrathackedevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2