Extracted

• • Target

    259a6df8e119f4258a9505337fbb5d43834217d3f16ed1bd340512443f1d9822

  • Size

    23KB

  • MD5

    08dd0dc8d53f4da8f3cf9a9f00390273

  • SHA1

    7d2fe0324e014fb8c485f81aa659ed1353632e99

  • SHA256

    259a6df8e119f4258a9505337fbb5d43834217d3f16ed1bd340512443f1d9822

  • SHA512

    1587c2b5ed83af6f369388d9df13e016d1d579ac06f9522c5900b5a870a3bc2186a03bc8ccf6772c9a37e1eb084848e72779fd234908ccc89a6175fd7a3768f4

  • SSDEEP

    384:r1MKFYuEEhERvoBG16Xuy0MJNw6Dg1Y+75JTFmRvR6JZlbw8hqIusZzZPRY:r+W4V6+yRRpcnuN

  Score

  10^/10

  njrathackedevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2