Extracted

• • Target

    8cef03b0ba383d5e40062d57f03579936c8d1e0b42c6f480f4b93bcedb284398N.exe

  • Size

    118KB

  • MD5

    f770720a1144d0e0c46c0530b601d860

  • SHA1

    384435b2abcf711571b656c5e500eb6f82616f96

  • SHA256

    8cef03b0ba383d5e40062d57f03579936c8d1e0b42c6f480f4b93bcedb284398

  • SHA512

    20ffd3eed997998dffd24f3dbc6dd569d29bdd1fc3a2fc266ad3d52b17164e7af5b59b954641a81f4d09a97a0632076f0bf84a8d23e202b726037e8a9d8c074b

  • SSDEEP

    1536:WWp5eznKUlIOp3YjVCguHEvQEbFqVC3woFRKpT4XEQhuxzuMDLf3:P5eznsjsguGDFqGZ2rDLf3

  Score

  10^/10

  njratneufdiscoveryevasionpersistenceprivilege_escalationtrojan

  • Njrat family

    njrat

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2