Extracted

• • Target

    313662b6a9b6613afb7c3b37a2141d94bebe5e169dbd4c8a773d33cb6381f9d3.exe

  • Size

    29KB

  • MD5

    ab8a42aea9c378614d53d141878b2f27

  • SHA1

    49dac93e91fc8aecbf364113af01cb91fb7dac31

  • SHA256

    313662b6a9b6613afb7c3b37a2141d94bebe5e169dbd4c8a773d33cb6381f9d3

  • SHA512

    4ece3d425c62b223641a6eb458475fcf8b88fb7605ee097780744d206907ce39329dee34018ed80f317a12884daf330b8233e0a2486edff19d5b2a73f15a3dfd

  • SSDEEP

    384:aUHEBl7p3hUw2s7bD55gEKemqDSqre/IDGBsbh0w4wlAokw9OhgOL1vYRGOZzWZz:K7bUw2C3kEcqNreHBKh0p29SgRQNx

  Score

  10^/10

  njratbust3ddiscoveryevasionpersistenceprivilege_escalationtrojan

  • Njrat family

    njrat

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1behavioral2