Extracted

• • Target

    Wire Notification.jar

  • Size

    560KB

  • MD5

    22b2dd04bb82b6fb05f6d148255c14c6

  • SHA1

    782faf733ea7d5e36f5e77dd66a7e16fa2f7f86d

  • SHA256

    dd33019c84b905443de022d1ff40146e7d1a2b5b472a3e1589b0ecb36ee64555

  • SHA512

    295eed7bd9cc01f499896f53cc764836fc04513e79434e9b1365bae7105f4ef09cbb668224d9a1653d945a8d7d190693f182cc40307a0a92dec2e916dd7c82c7

  • SSDEEP

    12288:k9f0DrXoyn7Dg0G4ZCLrK6PxEgZ7QBjm/i01rXoyNpDC0GUaResHMO:k50PXtG4ZQpx7QBCa0pXbGdMnO

  Score

  10^/10

  njrathomediscoveryevasionpersistenceprivilege_escalationtrojanupx

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2