Extracted

• • Target

    start.bat

  • Size

    93KB

  • MD5

    eb12259817bf7f95c42d92cb4407a6e0

  • SHA1

    2c138665f5e4ac1c97b6003ecd7850c4a679842d

  • SHA256

    c4b379abbc9f203fc3f04a49eee54d85863132d5b3c4c8f39ebbd01da38849b9

  • SHA512

    5e37b4714ab321c104d9707f45c08b53d9e11bf0e5548218bc02b3087505af7eb01a5aae09f4550006b25e49f52c8ceefb026e45554676494f16074992490b5d

  • SSDEEP

    768:HY3mE7yZnDQMMpAZrGSt6udttXy4slhkGJiXxrjEtCdnl2pi1Rz4Rk3YsGdp9gS7:TE+ZD3rGWNd7yhkhjEwzGi1dDwD9gS

  Score

  10^/10

  njrathackedevasiontrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Legitimate hosting services abused for malware hosting/C2

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory

  behavioral1behavioral2