Extracted

• • Target

    439d64eb2910ffaf4a2617869da14fcaaca0a12c26b9076c34ac808e31761241

  • Size

    359KB

  • MD5

    afe633190dc0dff381eead056b24588c

  • SHA1

    d34fb8f5eb0cbfe04541902ae340e455901a4899

  • SHA256

    439d64eb2910ffaf4a2617869da14fcaaca0a12c26b9076c34ac808e31761241

  • SHA512

    f87325bcbd335553f72bfc89fb8feb881d8abdf89a6612d05196ec4be21cd52ef86437c44abacd75c00ee38c8694263b4ee63203f5117c24ae254dec4b040829

  • SSDEEP

    6144:+TouKrWBEu3/Z2lpGDHU3ykJyT+tjs/y+f2cAe81g:+ToPWBv/cpGrU3yDT+tjIyaZki

  Score

  10^/10

  njrathackedevasiontrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2