Extracted

• • Target

    87bd0c3dce360cbd639389b46d798f798b797d41d4facbe492d780c3f5adf953

  • Size

    97KB

  • MD5

    1a2571d1fbd765cbfc662ac7b1670ac5

  • SHA1

    b483fc154e01ca8b5f8b79b0f72f3c6a7559dd41

  • SHA256

    87bd0c3dce360cbd639389b46d798f798b797d41d4facbe492d780c3f5adf953

  • SHA512

    222db62bbfe7993200905775787de3e404e139d06f6877e928a908b0351223f3179de6dad7565999b97983b6b26e142e63f73230f832db6a30e92d50fe8770e2

  • SSDEEP

    1536:WAp5eznKUlIOp3YjVCguHEvQEbFqVC3woFRKpT4X:d5eznsjsguGDFqGX

  Score

  10^/10

  njratneufdefense_evasiondiscoverypersistenceprivilege_escalationtrojan

  • Njrat family

    njrat

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Modifies Windows Firewall

    defense_evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2