Extracted

• • Target

    3fc50f702839cf017f435608aaf685abae03b82ed9d06eb9fa8dc269d82e8f99

  • Size

    70KB

  • MD5

    e7bfd6f91699e476736a34d4e927e8a1

  • SHA1

    5b45881bcad12ebe1d93e507215d43ecf6eedb58

  • SHA256

    3fc50f702839cf017f435608aaf685abae03b82ed9d06eb9fa8dc269d82e8f99

  • SHA512

    52482ea7a12f965864af409e2bb678c2e7a934a55f96529a9428d786266d37037992a41091bc9fee2aa01bf5022d39e2df686b7a2c204305f8466d64780c1b54

  • SSDEEP

    1536:8HEQ6xbJGCY4dk9VhrYGvoH2DD/9ls+UjWlI6Q:UEyOGAGvVDpyJd6Q

  Score

  10^/10

  njrathackedevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2