Extracted

• • Target

    b12ace477963fdde7e7b3c3b81dc01d585d87097e68bed90f5dd41077556b4bf.exe

  • Size

    93KB

  • MD5

    a9ba2416df448c5f3b36581ecfa4cd31

  • SHA1

    105592c84c83cbf4e6f7b6978ecb6d37c99440b7

  • SHA256

    b12ace477963fdde7e7b3c3b81dc01d585d87097e68bed90f5dd41077556b4bf

  • SHA512

    456ffb46cf5d914108a68292e1f9e73665e7dd3905015c76709ecc954d02b50d9dfdd758c2178791d75aa1010b7c0f2e0cf92659f2471a227497343477e6c9f3

  • SSDEEP

    768:+Y3DCdhWXxyFcxovUKUJuROprXtgN8eYhYbmXxrjEtCdnl2pi1Rz4Rk3GsGdpQgM:hCzWhIUKcuOJXPhBjEwzGi1dDiDQgS

  Score

  10^/10

  njrathackeddefense_evasiondiscoverypersistenceprivilege_escalationtrojan

  • Njrat family

    njrat

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Disables Task Manager via registry modification

    defense_evasion

  • Modifies Windows Firewall

    defense_evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2