Extracted

• • Target

    04e9ed6d3fb7eeb02e9fdec8b05ed90dc3ff31e9bb7b91ca499a97ddbf42e3e3

  • Size

    103KB

  • MD5

    bbf308c537f6d6a4dfd3ee7683e48036

  • SHA1

    2018c22217e78d9535e638f2b62d771f2ade55c0

  • SHA256

    04e9ed6d3fb7eeb02e9fdec8b05ed90dc3ff31e9bb7b91ca499a97ddbf42e3e3

  • SHA512

    709786a8094989228926fce33cc814e8d3c7fa4f1de54062853d02479e3e2ea4cf41f25cee20ed58966edecda0cf1e7e83b1adf3efb85cb16ff5f8b68bf4f789

  • SSDEEP

    3072:4CpBakLRWHFAANVvLI03YCTYknnyQ3qdjf9y:1BfLEF5uCTf3qJ

  Score

  10^/10

  njrathackedevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2