Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10_x64 -
resource
win10-en -
submitted
08-09-2021 09:10
General
-
Target
dc376dc53a223c3aafb2eacbfaaef96d8d24d8868bdb1991969874030caabb5c.exe
-
Size
51KB
-
MD5
0070cd346ea3e1674939bf2f8df83917
-
SHA1
f71c6a0240841674070d7a5e2de5f547bba61a27
-
SHA256
dc376dc53a223c3aafb2eacbfaaef96d8d24d8868bdb1991969874030caabb5c
-
SHA512
8f238f539968bc8c02b774ddc16e57fed720c42f007853055473eb95c4cba6c66cc1347c49ead0addf1b1bdcb14a26a9b464b09029039ccd7ab4bf0f067a139a
Score
10/10
Malware Config
Extracted
Family
njrat
Version
0.7d
Botnet
Run RunPE
Attributes
-
splitter
|'|'|
Signatures
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dc376dc53a223c3aafb2eacbfaaef96d8d24d8868bdb1991969874030caabb5c.exe"C:\Users\Admin\AppData\Local\Temp\dc376dc53a223c3aafb2eacbfaaef96d8d24d8868bdb1991969874030caabb5c.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1664-115-0x0000000000AD0000-0x0000000000AD1000-memory.dmpFilesize
4KB
-
memory/1664-117-0x0000000005970000-0x0000000005971000-memory.dmpFilesize
4KB
-
memory/1664-118-0x0000000005350000-0x0000000005351000-memory.dmpFilesize
4KB
-
memory/1664-119-0x0000000002ED0000-0x0000000002ED1000-memory.dmpFilesize
4KB
-
memory/1664-120-0x0000000002E50000-0x0000000002EE2000-memory.dmpFilesize
584KB
-
memory/1664-121-0x0000000005900000-0x000000000590F000-memory.dmpFilesize
60KB
-
memory/1664-122-0x0000000007010000-0x0000000007011000-memory.dmpFilesize
4KB
-
memory/1664-123-0x0000000007120000-0x0000000007121000-memory.dmpFilesize
4KB