Extracted

• • Target

    a6788b416256f073b1eded7e517b9efc.exe

  • Size

    37KB

  • MD5

    a6788b416256f073b1eded7e517b9efc

  • SHA1

    748b30e16ad551fee8029f1070ab7c2c45c0bb15

  • SHA256

    514cde391d2cc75f6828eba57df708470e15000b3912cc280e6f2e0f70d911b6

  • SHA512

    3608c99f68605a1008e83dcf58cc6d48552889b804da21b0156848e2999d92294d6fdf84e3f0a2196e69ce56013bcbf02473a1d00fd37928e52cd3c9115891ce

  • SSDEEP

    384:qLTJ9kitkZf5W9cTYXyc/jZMM6zffknvU5IrAF+rMRTyN/0L+EcoinblneHQM3e5:CJqjjTYic/jW0vU2rM+rMRa8Nuvjt

  Score

  10^/10

  njrathafffevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2