Extracted

• • Target

    f4903c07e2162785d1b9d79fe5acfe8919059e548461959fd5bbf3ff3f560add

  • Size

    706KB

  • MD5

    7d0221cfad4f0d35c17b7210b005b3ba

  • SHA1

    6785c09aba569fa8c7faa6818d5243fe4e34cb2e

  • SHA256

    f4903c07e2162785d1b9d79fe5acfe8919059e548461959fd5bbf3ff3f560add

  • SHA512

    6b6943150f5580a45065c5ac2902bc41112331f6eca1e5ffbd5f448632375384e2cd0fcb6ce9fe042f1eddde1327e85d83965a170cd84a59bc12d9a6b4c50d9d

  • SSDEEP

    12288:fD9/Y3algourr1tS2Q6bFi84Z5Tdr8Obg5:fh/Y3AgoGSx4yDt

  Score

  10^/10

  njrathackedevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2