Extracted

• • Target

    138c8efb54944bf084d2a0e607593a84e0933f8fcd251713a37c49e175cec74e

  • Size

    1.1MB

  • MD5

    1f15727756acb812463a6030194dd0a5

  • SHA1

    50f2654ebcc03db57fa562d163fde15a472ff6cb

  • SHA256

    138c8efb54944bf084d2a0e607593a84e0933f8fcd251713a37c49e175cec74e

  • SHA512

    85de789a6a1784a52a739a21e3cd1350242de0630c26d04978bc6b8be760fc7dd4d0775d3503169410d4b5e1882c69d7fa3ce8dc9111e36148e3c9ac8147ec89

  • SSDEEP

    24576:tf30T0Ai5fKiCsfs4UjZgjRqu+I9M14VBUR:13Pof1KquTPVBU

  Score

  10^/10

  njrathackedtrojan

  • Njrat family

    njrat

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • .NET Reactor proctector

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Drops desktop.ini file(s)

  behavioral1behavioral2