Extracted

• • Target

    5ecc27abe51073b88b4a027d104eb27bb6090bb88ee3f57042c391929809b0fe

  • Size

    1.4MB

  • MD5

    6d7581ce66903505cdd302e804e98ccb

  • SHA1

    322c750a476e6bfcc870e32427388bdabdcf2118

  • SHA256

    5ecc27abe51073b88b4a027d104eb27bb6090bb88ee3f57042c391929809b0fe

  • SHA512

    81527134452d166b86e4375cd6f0f325a9711eef2a254baf2e049ff911ce5b56fa75c75ef94c79d9ec99fb76c45cb9888fb8547c1884d24b521a634876061758

  • SSDEEP

    24576:+TbBv5rUlIa9fkmnRRzYsrQZTnskmkORRQdKQPed9IvAIMpVNvi329DaR:ABRWfkqRRQnXOzQd3M+vAIMpb8IW

  Score

  10^/10

  njrathackedevasiontrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2