Extracted

• • Target

    NEAS.20b06a72b000ed9c2d9db774c543202171728537aa4a43a7c8b5fdab7bf026c6exe_JC.exe

  • Size

    65KB

  • MD5

    b1290bf36ae40c7d6ac7dfac9f399848

  • SHA1

    fbcfebb104fe31aeae0a24b3bd28d92280f012aa

  • SHA256

    20b06a72b000ed9c2d9db774c543202171728537aa4a43a7c8b5fdab7bf026c6

  • SHA512

    e76d15ca4fbc01ef955ad08bf5cd8725ce1e709f17ae1929dbc79afba51f77c9d39050d3edbe0757397312b0a75598f569254fb067aec0fb7af537617180e240

  • SSDEEP

    1536:lcxR4cEoN36tLQviFw1iW6SBnvb0fLteF3nLrB9z3neaF9bNS9vM:lcxR4cEoN36tLQviFCbhBnYfWl9zuaFn

  Score

  10^/10

  njrathackedpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2