Extracted

• • Target

    Server.exe

  • Size

    37KB

  • MD5

    37b90a300f36744b6fc9ce797b963a94

  • SHA1

    2d5456e337c04011f09cb98fffb35f409e7041b9

  • SHA256

    0d65edf0f9abb44623414395837b42e8b0e9b348435c7b00202976dfed4b96bc

  • SHA512

    68b6da47b0b61a47602a0ebd51aa5ed6988954a71700ed4b02d9843815fd22fe56506c1fdd79d52729f0f878024b23d613418eede72edbb2ad53032207faeb17

  • SSDEEP

    384:QXunmSIiejBCVLO309QmykrtsM9Wwffyv2A78rAF+rMRTyN/0L+EcoinblneHQMk:JbdGdkrCCHy+AgrM+rMRa8NucQJt

  Score

  10^/10

  njrattriaevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  behavioral1behavioral2