Extracted

• • Target

    2df351f2e7e6f1340f81c6431e88fb2b78f2eaefce58763e7bfd5214985aeaaa

  • Size

    356KB

  • MD5

    779f561dc93adbf2b40e92ac374f7cf5

  • SHA1

    562ca1be06ff75f55893fa5472abbf7bb9fa6625

  • SHA256

    2df351f2e7e6f1340f81c6431e88fb2b78f2eaefce58763e7bfd5214985aeaaa

  • SHA512

    d1a3f889c6f60b49d07519ddc73f9108012c8e4b81a01328ac75400bd10888428fed84c81a32da3ff00644e3149ba8ad4fd9720d2bb4c0819619e9f9f2069501

  • SSDEEP

    6144:9LM3L6hWtnvqI6vzkGTxapOEBqa5tXc8s:hMbaWtn6vzkYmVjC8s

  Score

  10^/10

  njratfbautoliker103evasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2