Extracted

• • Target

    f9594e56757e9ea47d5bf9c197f998c62b81210c5e0d09f48b5c338dd9760285

  • Size

    176KB

  • MD5

    723bff1cecdb25f0e189903c3da43e37

  • SHA1

    c29c78cb18f1241adc4f5d0586dcd8084fee7bf4

  • SHA256

    f9594e56757e9ea47d5bf9c197f998c62b81210c5e0d09f48b5c338dd9760285

  • SHA512

    7ebd55242947558e39153414620ee92f7e1d6b31331fdb03203e697c1b55c3a5cbbf9c41f837c9fba9b66585b0f8ddddf962fe43712c97d7c8487d9abca4c91f

  • SSDEEP

    3072:2+RL0PoFS5rWGXBbxQx7fV0Gwtu2Bs7RfCAz2ZCnZSftPHuan/n7N/nAh/Q1Y/:HODXxyx504qcxCAyCMxOcn7N/Xe

  Score

  10^/10

  njrathackedevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2