Extracted

• • Target

    029742967f16b9ef929b86538afd2e9a

  • Size

    93KB

  • MD5

    029742967f16b9ef929b86538afd2e9a

  • SHA1

    74e05346e692347f4d2a0ffbce37300f48dc51aa

  • SHA256

    9b9252b4550f98cad09bf6e308cde6416c26cf43b61335ccdf887bfc59252a14

  • SHA512

    dbfe1505190b98e56e939f406edf6c01aec8a0f73d7c877eeec8184cbaa643ff98e6c340d9239bd425f0dcdcde38f0e2edc47f8e61f74bbca7372c546b503db4

  • SSDEEP

    1536:aJXBNvGfr2p4dTa/hDjEwzGi1dD+DpgS:aJOfr2p4dW/Gi1dom

  Score

  10^/10

  njrattankionlainevasiontrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Disables Task Manager via registry modification

    evasion

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  behavioral1behavioral2