Extracted

• • Target

    53ff7f325392759ad23ecff401bf6534

  • Size

    307KB

  • MD5

    53ff7f325392759ad23ecff401bf6534

  • SHA1

    c3dd5b7fde858765da3c5412fad797e3e1a0c9aa

  • SHA256

    eea22615ac37aca1c2258c1283f397a6de1f24967bc9ccf649d81ccd1fd04a19

  • SHA512

    629503978bb475470c61c94fc509701fa58ec268be0c4bb65696b9d93bc4b53cf29b07d8de039c69e70958639176f5258e5be1f1875b07daa2e714735ecb8ca6

  • SSDEEP

    6144:0jbei1kGc+HGcPCaTk+4/b2lSd6tsLTXv4A3qssRF0gx5CR:0u+c+FPCaTkn2lSRLrgAapf0gx5CR

  Score

  10^/10

  njrathackedpersistencetrojanupx

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2