Extracted

Extracted

• • Target

    injcetor.bin

  • Size

    3.4MB

  • MD5

    fd1f9974340c428b15e8bf838122326d

  • SHA1

    c07709c671960f880c568516572b594ad5946029

  • SHA256

    b2421dc681198079bfa3cae05c63750b3847211ab307051604c5e7e0ca2033a1

  • SHA512

    647d9cc2d63dae6a4bfcb055b3d82bfae887fe08dfc04de6312f4a9953c64bbb2a16e225e79ee0ce1777676ab9465942e3a165a9d0feb921173858a3b4a10953

  • SSDEEP

    24576:VQqt82oJ5L4RGVFoQ0C/Q12H0RmAdmR8dG2FAYOcy7qWDLUTk+vJ3UcDS0ScE1k9:BxyqCLQFzB5

  Score

  10^/10

  njratredline@heatwinshackeddiscoveryinfostealerpersistencetrojan

  • Njrat family

    njrat

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2