Extracted

• • Target

    1728-55-0x00000000003C0000-0x00000000003CC000-memory.dmp

  • Size

    48KB

  • MD5

    9948b0078db02f20a849748bfe4d1d1c

  • SHA1

    b452876d8daef06dffe35a8767386ae575c0f0d6

  • SHA256

    4c56ade4409add1d78eac3b202a9fbd6afbd71878c31f798026082467ace2628

  • SHA512

    bf1ea220ad74153aaf8379dea78cf322171a23cdd44203bbbfea188a2b31d3a9b16e60541eb2aed8c61e3f76c6fc0b983317b00ca31a01a8b63d082bee42f8d6

  • SSDEEP

    384:MoWSkWHa55BgDVRGipkItzY6vZg36Eh7FpmRvR6JZlbw8hqIusZzZvt:7Juk9pHRpcnu2

  Score

  10^/10

  njrathackedevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2