Extracted

• • Target

    ded6e4c6034c299d59a7a8b45f96f6dd.exe

  • Size

    436KB

  • MD5

    ded6e4c6034c299d59a7a8b45f96f6dd

  • SHA1

    16c4467712dcdbd30303f613a06181c7ab7109a9

  • SHA256

    400839e985f3b243d21dc246c4ca9b79f83f2ac529cf3bd9cb08d543ebd5dfc4

  • SHA512

    460e03d7fa9dcba5ae61d9624f9548c5a8d8ca70c244dbe93af6f6bcee60da75bd6490b849c85548f12b1fb801ed829030b1afcd7984da5001e63d4a0777d007

  • SSDEEP

    12288:9UomEFRu3xEPED85p3Yas2n6u2ibhbvVRC+:bmOMSPED85poLc6u2iHH

  Score

  10^/10

  njratconsoleevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2