Extracted

• • Target

    9e6da0d7af683c5f01bf8b869fffecc808833f56dc5cf834690a933a811ed38a.exe

  • Size

    57KB

  • MD5

    20e53a461803d01901cea182e1c4ba7e

  • SHA1

    50e0744e4b869ecd84832f4aa02bbf1274833a8c

  • SHA256

    9e6da0d7af683c5f01bf8b869fffecc808833f56dc5cf834690a933a811ed38a

  • SHA512

    e6b55b8817360637406ba3f0c4eb7217b862588a3b548454d732c477887d50fb8156b6f53d0a35d57cb05dcc564fff2e5cfd5ea9290e7cd23f1457fb473fad4e

  • SSDEEP

    1536:SXOMZigN9OUjTW404k9iMeaP3Ni7v3g912IPs2J:SXOMZHSUjiAk9RoLw91Ps2J

  Score

  10^/10

  njrathackedexecutiontrojan

  • Njrat family

    njrat

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  behavioral1behavioral2