Extracted

• • Target

    1294b2f4d7e36330ed22a7332963d614127473fcfcae8cba16e42dabfbb3eb42

  • Size

    440KB

  • MD5

    c4685f33c8dbb6aa3fbdcb4f1d7d4aac

  • SHA1

    f6a75a55beedf019fdc23c65cefce1b3e829bc9a

  • SHA256

    1294b2f4d7e36330ed22a7332963d614127473fcfcae8cba16e42dabfbb3eb42

  • SHA512

    78bd77b5c9646406fb3a12ee0ad93bb44a5c8dd7d5c07415d7a22528c68b55e7c70b6b7dac6f92370fe715f03ec61529e55e9278c2ffc2a7f13eb5512afaa056

  • SSDEEP

    12288:RtztJcg9EmcjJowktoOAbE928urH+DjBAjnL/:nztJ1kzk+bJ8urePBAjnL

  Score

  10^/10

  njrathackedevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2