Extracted

• • Target

    1732-1-0x0000000000270000-0x0000000000286000-memory.dmp

  • Size

    88KB

  • MD5

    57a6137708aa3c2866131919b12d17c2

  • SHA1

    4328e6c04348966ba9cb2a5f3883ccb51571cda8

  • SHA256

    d8b284c741d37196fbf6fe4513bf457f158a65b1b649a71f12855669e6bbcbeb

  • SHA512

    80a4f19ef88327b8048ab075aeddc9cc8b1123db2fb1dbff5de4783c6a68b833e78c51ec0b87a0c6b626c7f8edf708e974693e088b84dc964891acac02cb493a

  • SSDEEP

    1536:CXOeboN36tbQviFw1ScTIBnvAefLteF3nLrB9z3nTaF9btS9vM:CXOeboN36tbQviFCtcBn1fWl9zDaF9bJ

  Score

  10^/10

  njratuzbekdiscoverypersistencetrojan

  • Njrat family

    njrat

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2