Extracted

• • Target

    ee9c59ed661de901b23475e7b6af8c5c_JaffaCakes118

  • Size

    252KB

  • MD5

    ee9c59ed661de901b23475e7b6af8c5c

  • SHA1

    34a9f7397cbac20c422067683b1bb87659d4c3c6

  • SHA256

    25e5c94e59845bf8f4096d2eee10ab131e31096b957e1034c1fc0fd1164c1927

  • SHA512

    d3d2d301f6a81005a7134ba756bf91765b311f992cb882cc94501c2ecd494a80666ce6f4a6a07bfa16ea5b15d523fa2c7917906b3a4c7deff38ddfd55ae753a6

  • SSDEEP

    3072:bYs03EcckEmNoSsmfYgaKSRye29MXHPJ+TBVPRvdlDrwpxaZb8ywfxs54xoWav4M:s0Ss75S9cJ+503g8/0QO

  Score

  10^/10

  njratتم الاختراق من قبل دكتور الغربية #agilenetevasionpersistenceprivilege_escalationtrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Adds Run key to start application

    persistence
  behavioral1behavioral2