General

  • Target

    Новая папка (2).rar

  • Size

    16KB

  • Sample

    240527-npa21shg61

  • MD5

    80757173329c5fbb7bbb501d3448d82c

  • SHA1

    1323793e244d7d1e246b9161c73064fcdaa70957

  • SHA256

    74cb25514fae5d7c1cfb608e4a03c9ec262c1ea0ff92d6ab03fc66fa2f2563f7

  • SHA512

    b941f714353220d20d68c38cdfa0cce4c1cefa4616c6204f4428e7f177d3523064a550b19ad8defa4bdc96ebccd1aebd115dc862795059ee2843c2058d0acba3

  • SSDEEP

    384:7czSqvvD/7qxNP4TIqNV6BbU9wF4qgAQw5e2TAtLL0HFKA:IzSqvi4kqNebUCmAU2ExL0HFF

Malware Config

Extracted

  • Family

    njrat

  • Version

    im523

  • Botnet

    user

  • C2

    control-road.gl.at.ply.gg:32384

  • Mutex

    9d8a2304726bfac323e8454d587204fd

  • Attributes

    • reg_key

      9d8a2304726bfac323e8454d587204fd

    • splitter

      |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15