Extracted

• • Target

    68e05f32c339585c1d415c35d805245f_JaffaCakes118

  • Size

    72KB

  • MD5

    68e05f32c339585c1d415c35d805245f

  • SHA1

    d6917a7251b868bf957c12b8f3c03640f55b79c4

  • SHA256

    ed6398ae88f980ec67453283ae2087086f98236250e7fe1d071fa39d0b0f966e

  • SHA512

    aee88d6406b8c7e6453fb236940adb25f0164ea53ee81256a30303610c4821bd47eac86aa5d2e795f700801c6d7f9b43f2ee1995de7caa80c5dd5b6ac02fdcb3

  • SSDEEP

    1536:D3eJG53G73mxdvddLYh7TYOVZkH+qYPTkU:D32GhNvzYhNu+qKkU

  Score

  10^/10

  njrathackedevasiontrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2