Extracted

• • Target

    63d2aae49860c92606119f1ccb7fcb52b2b03cd4ef9c8c929b1924b28b299764

  • Size

    914KB

  • MD5

    45e132f76034fd00c9cee27cb3964ac8

  • SHA1

    a06b6e8151396a36a71e9ac98cbafd0610f1e1e1

  • SHA256

    63d2aae49860c92606119f1ccb7fcb52b2b03cd4ef9c8c929b1924b28b299764

  • SHA512

    3ee5ffc85be4cc9ecfeda4a18bd5a844e1cef4099d787d0153857540b3616d70e41f2275011963eb17ffdcf90e6eb15c5934c36c1d8702aa81da0135629a98a6

  • SSDEEP

    12288:OjeznM+gbvs+rDv+EjeznM+gbvs+rDv+DjeznM+gbvs+rDv+L:2eznebvPeAeznebvPefeznebvPeL

  Score

  10^/10

  njratpbbrvitimasevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2