Extracted

• • Target

    a0bbda280458cc74a17288e860365e68.exe

  • Size

    37KB

  • MD5

    a0bbda280458cc74a17288e860365e68

  • SHA1

    0d5fef6b60995789e6ba74987d2f1b2941480a1f

  • SHA256

    e6b30ab724c9658427dad7fb5807614bd5f3a1560f8c1d575cad5880ab5f5d8a

  • SHA512

    05880b9f9d806278f62bbd3850d7b60480883f30e4046be03ee882c9660345f3665c96bff7d664361f96bea323fdd60c5aead1dc71f35d060e8aa6dcd3f1b9fe

  • SSDEEP

    384:sdKvEiTbHvpWNcZ0y8f7CTvvrdkLkCwE3rAF+rMRTyN/0L+EcoinblneHQM3epzm:OKXTZ38f7CTvBkFwKrM+rMRa8Nu89t

  Score

  10^/10

  njrathackedevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2