Extracted

• • Target

    2b6620c758c9cc5d7f6760c56de84d00N

  • Size

    8.7MB

  • MD5

    2b6620c758c9cc5d7f6760c56de84d00

  • SHA1

    39f1a425b962e10dc496edd5f002f5681975dd12

  • SHA256

    94975078658345fb44f4ef6f2930e33ca51362229cd54ea965e2c1a14e8d98d3

  • SHA512

    f90881adb2bec6622817bc880c857d59614f42851aa1023fcbf7add9d0c97647813797b0489757046d27c4f689d25a04d6c5bb9bf51e1e3dd201fbc17d337a8c

  • SSDEEP

    196608:hCbGPZmVfjsCbGPZmVfjiCbGPZmVfjsCbGPZmVfj2CbGPZmVfjsCbGPZmVfjiCbl:0GmVNGmVrGmVNGmVnGmVNGmVrGmVNGmB

  Score

  10^/10

  njratjjjdefense_evasiondiscoveryevasionpersistenceprivilege_escalationtrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2