Extracted

• • Target

    0fd9f447c7575f44d5f7862610482789.exe

  • Size

    93KB

  • MD5

    0fd9f447c7575f44d5f7862610482789

  • SHA1

    c5fd98695c673bebe30707703422664c625d6a2c

  • SHA256

    ccb950ef5097dbd096c9a7017cd5c0032280a0b795af1d6838953267528b66fc

  • SHA512

    fbc2dcc805fe4fc0ef153d2310987f51cc5b74d4ff8b9d79b13fd0901408081fd78c118795b1cf5ba56636d0e54c6783b2bef77ed0fd678eca28d46d91bf4ae4

  • SSDEEP

    1536:pCmC+xhUa9urgOB9mNvM4jEwzGi1dDaDCgS:pCgUa9urgOidGi1dEn

  Score

  10^/10

  njrathackedevasiontrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Disables Task Manager via registry modification

    evasion

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  behavioral1behavioral2