Extracted

• • Target

    2f82f645f08b8671e14d516865be699caaf85d46604c3f89968454067c22d1edN

  • Size

    539KB

  • MD5

    ab6cad09631f7e2dd5df02d0b260a560

  • SHA1

    0f174a5a3f482616e564448db14dfafee4383d26

  • SHA256

    2f82f645f08b8671e14d516865be699caaf85d46604c3f89968454067c22d1ed

  • SHA512

    bae0fb167802cfceb92f36397220360a49178f8971f99db79139012f0137bf2628fbc9939d2486323da1f2dc59b498ba3e254530269aaec21238d44ecb175bd0

  • SSDEEP

    12288:UTzx0YPX/NqPsG/zfovs0x3wHYlBVEfTNjP6:UT2HPsG/zfJ0x3w4lBmRP6

  Score

  10^/10

  njrathackeddiscoveryexecutiontrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Suspicious use of SetThreadContext

  behavioral1behavioral2