Extracted

• • Target

    c70f1b1504fcbed8851082651453e174.exe

  • Size

    184KB

  • MD5

    c70f1b1504fcbed8851082651453e174

  • SHA1

    e27ac05f35989e72e096a922afa1ad830a1d5d76

  • SHA256

    a085d9d3c1dbc7f892a89804845149389e422bfffe675e55f5ff40bdda29e182

  • SHA512

    886f019de83bed35ac97c9a0e242a7e1d6241116743696441229b4eec41ade751e27c8e46df88ce38378dde00f11a5add19bf6f94d71afcaf369074d295fadfe

  • SSDEEP

    1536:6ZJ9OQqaI4+gRJNJmrdiEC+Imn1l0i10rpGLP:6ZvOti+yJqrdiEC8l00As

  Score

  10^/10

  njratexplorerevasiontrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2