Extracted

• • Target

    69d96c2c29f7475d82ff72fa8947b22bb0ea4634b0c63380e859e10f19057788

  • Size

    1.1MB

  • MD5

    4021ef6424a882498dd76f03a7f3689e

  • SHA1

    dfe52ed6cb32c8c141fe9785c485c38fa58dfc31

  • SHA256

    69d96c2c29f7475d82ff72fa8947b22bb0ea4634b0c63380e859e10f19057788

  • SHA512

    21cf0af8d746737a70bf542eeb398f133b838019929579b47392a21c227d22ceff181f7b32c2574bffd48e85467e19a5d1d8bcf36bc12febf829606ad865f049

  • SSDEEP

    24576:gn1T/Ny6o0Nu0n0t0LCDL0nTC8ErRdDFmLBZ+Kk54+0Ejl:gfo0E0n0i+8nm8+jFmLBMH2+0Ejl

  Score

  10^/10

  njrathackedevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2