Extracted

• • Target

    1dfe93c432a71787bec625e9f37aea5c.exe

  • Size

    37KB

  • MD5

    1dfe93c432a71787bec625e9f37aea5c

  • SHA1

    c733d9b06b59e9cd883787998d36cb890a601ef2

  • SHA256

    a01ef3fdd7c3df2e845dca28c37e9244cb1823c655da892ff5d5dacb9db70afd

  • SHA512

    539b983f1ff6b954e1015cd11190d9d6562e23b3c88fd1379a7cec008479a8d8fba9606641d1c11807ee44986bf1f11562f770a448d76d7d0c4ed5bbc3bd0998

  • SSDEEP

    384:tdKvEiTbHvpWNcZ0y8f7CTvvrILkCwE3rAF+rMRTyN/0L+EcoinblneHQM3epzX9:DKXTZ38f7CTv8FwKrM+rMRa8NuLGKt

  Score

  10^/10

  njrathackedevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2