Extracted

• • Target

    JaffaCakes118_9e6eee535d7b2c2f40c5a5478fa5810d

  • Size

    104KB

  • MD5

    9e6eee535d7b2c2f40c5a5478fa5810d

  • SHA1

    96514e92d1224ee35317fc69f64f6147c93a870c

  • SHA256

    4ef128a8ae0eb9a7ab045791ddcfd834f173ad5cb98dd51c9cc84fb99f8cbef2

  • SHA512

    b2e0db6af410f07d263d5d448b8a39b9f0b1111cbdc6285a23983edf91e15d2ad27f466abbc78ab6714d61e32ceb7d8edb4db4ecb783400ea34ba22cbe149276

  • SSDEEP

    3072:570QJgokhjJOB5bCRLq2xvwoHmrlNuXQgi2VK:yQJgomGlIq2VfGrbuXJV

  Score

  10^/10

  njrathackeddiscoverypersistencetrojan

  • Njrat family

    njrat

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2