Extracted

• • Target

    New Client.exe

  • Size

    329KB

  • MD5

    9202baa178d24e6fa0eb45262ac7e16a

  • SHA1

    e45b9ed7c3ebd6b7994dc5de645b2a248ad3f770

  • SHA256

    6c7c1efa3c4deb1fd07a04620a62183054c99d65918d9fc7858f8005b61e0655

  • SHA512

    0ad8b21d9fefcd42b82c60801c1e65381ec769ffa032496a4648917e2f5fb6ce94fb602776c39d9ecbaa01b48fdfbf2f4fef0135d178a8b5cb7c18d2f6952c5a

  • SSDEEP

    6144:z1g9zWvMmbhoLVOT/FtBkFHS4bnb5Y1C54hP56eya4oPbLZzXHgTbM0Ckc6D+Kl2:z1NXbhoLVOT/FtBkFHSwnb5Y1C54hP5x

  Score

  10^/10

  njratslavepersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2behavioral3