Extracted

• • Target

    d9692372935af6488f394ac6bb54abcd_JaffaCakes118

  • Size

    78KB

  • MD5

    d9692372935af6488f394ac6bb54abcd

  • SHA1

    e027975d43f867f7f975ab70931c4dedfc34fcbe

  • SHA256

    857c0557be413c9659bd43033085ff241ddb5c89f4a0cef4ad200878b4f43368

  • SHA512

    d5194a7affb374418597656e399680058c80462ee8e3d7875d09e33362bd3506ddc8e16d623528378cda6947c09b40fbe8bc05de319c4c0c1cc800ab5da6daa2

  • SSDEEP

    1536:+EXJoENDDVGHIdsF16EczfDO8JNGPfRYZMw/y0K/Kq:+sJoIdsF16zJJNGnRYZJa0K/Kq

  Score

  10^/10

  njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

  • Modifies WinLogon for persistence

    persistence

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2