Extracted

• • Target

    548A4036ED72D3479BA73BB16B540198.exe

  • Size

    1.1MB

  • MD5

    548a4036ed72d3479ba73bb16b540198

  • SHA1

    2f13d78e0a284eee8673aff586582050f72e4f82

  • SHA256

    f224e28066ac3cb24754bf423b368d28b720dc6889f86d2ce21df79f33982e5f

  • SHA512

    97b72f7186233db4038caef8f4714fdcdec6da17d4c195d791381163dcd86f0b23c9b0c4dec39c1f0f2616615a77f53f18987b7faac8947283fe0b3fa97e6a9a

  • SSDEEP

    24576:7gc2ZZ58NY+7pxrdVzZEUbIBd6U1EtuhgrSiDj2ni:7hFNY+7LdHPI91EagOi

  Score

  10^/10

  njratevasiontrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Disables Task Manager via registry modification

    evasion

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2