Extracted

• • Target

    b763242ac3be701e02827c840c602d7f9a82821221ebe5b091ce43d08a7bea7a.exe

  • Size

    37KB

  • MD5

    19b3aca76d35b9d6ad75157d4d687523

  • SHA1

    6444a53e7789f1e488dfb9b559f093a6c7f9e225

  • SHA256

    b763242ac3be701e02827c840c602d7f9a82821221ebe5b091ce43d08a7bea7a

  • SHA512

    02b17da200f6a5dc71e0f006d0386756fe5c9d104f811999197491ea7b8624b72aea82771f5788ddb259e8d504b99127394147c64b882e21117455a71c196806

  • SSDEEP

    384:JeTMUiDHblmJEpRGyEfBffXuKCYyEAurAF+rMRTyN/0L+EcoinblneHQM3epzX6E:kTqHpR9EfBfWKClEHrM+rMRa8Nu0st

  Score

  10^/10

  njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  behavioral1behavioral2