Extracted

• • Target

    b1d263d591940c834ef1db52e6927c26c6666a5ec57bb73d083244438195c886N.exe

  • Size

    524KB

  • MD5

    e19a457d27cf5a4fc46c013f5f35ae40

  • SHA1

    1683c3ac27076dabcd41fcc69d4ee9c00c5b5ef2

  • SHA256

    b1d263d591940c834ef1db52e6927c26c6666a5ec57bb73d083244438195c886

  • SHA512

    b6ddbd1b1e9bb3c430593da4da3fc77c553bf2b8f8e188a88f11389f2192268f1ed9007a95d81095a29be7d68e0f9081de13f1e17fa13f2edb5307ec466c3448

  • SSDEEP

    12288:irOj+Ri3AgFdNfsuqW8BDSkiqD7hWw+OwZkR:UQ3AgFsuqBXDPh

  Score

  10^/10

  njrathackeddiscoveryexecutiontrojan

  • Njrat family

    njrat

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Suspicious use of SetThreadContext

  behavioral1behavioral2