Extracted

• • Target

    Result.exe

  • Size

    27.0MB

  • MD5

    68db8e556211b25f451df5220076465d

  • SHA1

    bbb335a9e84179d90e22c621e5810b0407b43f81

  • SHA256

    4e8166227e63a86c10b8f4aa1e5fd02ef5d790270b9c327e0a90aa53d93a8871

  • SHA512

    584662aff115d8ef900c332c8c7b3b32fa89da596047f4888d68ad50b6049cffbaf63618439e1b3ea57225f5fc726721418a5a78e8ccfb6679629c5f899919de

  • SSDEEP

    786432:y6He9kAkcpBsGfPE1lQDNVJTeAU1xlYqB59g:9HAkch0wNNU1oi9g

  Score

  10^/10

  njrathackedevasiontrojandiscovery

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  behavioral1behavioral2