Extracted

• • Target

    f1c45dcab791f8e0ed057d4f50a564e4f81313151ab0320fbe3bc6c5bac54505

  • Size

    57KB

  • MD5

    267d180695106d81debe52f6f20ad261

  • SHA1

    151171d9d720d166719f9bb1b95b18007127b946

  • SHA256

    f1c45dcab791f8e0ed057d4f50a564e4f81313151ab0320fbe3bc6c5bac54505

  • SHA512

    09b4f8c0b8be2eedfa7ebe5f03dd27851778de4d7f161462eb357632a7e37e19adbf44761227a086b80c1455e2b54cfeb299ef9c27155f42f8c289f1dbe3d51c

  • SSDEEP

    1536:Ig+dL1sfm++vZkeQzpKbzuqtGVibs6EFwz96:Ig+dLOe+O/2cMaz

  Score

  10^/10

  njrathackedtrojanevasionpersistence

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2