Extracted

• • Target

    2df244e4240eeea9e0124d1d8e12c912e2ba519421a5d99cbfa1a768b3c2a2ac

  • Size

    219KB

  • MD5

    85ebf369d49d9c99e89dc08fa231076b

  • SHA1

    18dddad13efaa3f29ac7f7d89992c6449b902ebb

  • SHA256

    2df244e4240eeea9e0124d1d8e12c912e2ba519421a5d99cbfa1a768b3c2a2ac

  • SHA512

    d4f6f10d1e150ee51e3fb4c5a932ea63f079a17f50d846416b613b01790f4e76e993475190ea06583f77c4e387f685030aef7cc6f862b506aa63abacc4dd8241

  • SSDEEP

    6144:mV8xLIQ/j6TIZNhGWaOF33OWSkU1/ptr+GWM0DVX:WoMHUHKOxO+or+VX

  Score

  10^/10

  njrathackedevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2