Extracted

• • Target

    Hackus.exe

  • Size

    3.1MB

  • MD5

    6270201830fa89bfe7c9619e66634a8e

  • SHA1

    214e78e347c36744b961ae433412c206c773f7cd

  • SHA256

    d9e587852419edeffbc520339081a368afb3aabf2ae4b099cc414f6840867227

  • SHA512

    42f51c2cecf94fb02c0e48b3c87f1f2c7a8ba1edf559a530f1f6123e479e6cccf9815a058d500e6bab54c91d42a114f76b1d7a695940a430f3d47b87644e14e0

  • SSDEEP

    49152:PlP3G5KT6W0/KJQdqsF5JcJ+l2VbknUOwqKl0:k4T6LEsBlM+lDnUn

  Score

  10^/10

  njrathackeddefense_evasiondiscoveryevasionexecutionpersistenceprivilege_escalationtrojan

  • Njrat family

    njrat

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Modifies Windows Firewall

    evasion

  • .NET Reactor proctector

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Hide Artifacts: Hidden Window

    Windows that would typically be displayed when an application carries out an operation can be hidden.

    defense_evasion
  behavioral1