Analysis
max time kernel: 146s
max time network: 149s
platform: windows7_x64
resource: win7-en
submitted: 11-09-2021 15:05

Static task: static1
Behavioral task: behavioral1

Sample: D8F6CADD686AEF1423100DAE9231C47D.exe
Resource: win7-en (windows7_x64)
0 signatures
0 seconds
General
Target: D8F6CADD686AEF1423100DAE9231C47D.exe
Size: 1.8MB
MD5: d8f6cadd686aef1423100dae9231c47d
SHA1: af46bfe9e441788fff35ca3613a805c23780a9fd
SHA256: 8e38c9ed504d812b26fa8f6c5217127fdfa945da4ac74ebedbade7287fafd062
SHA512: 466e25ecd6e418ed9451b56a1d680531f7973f5c0b5622c606d9e3ec16d7deba6b9fbee7e01335ecdfecb8eb59e678eb2332a8d99133ea42834c535b486fefe1
Malware Config
Extracted
Family: njrat
Version: 0.7NC
Botnet: NYAN CAT
C2: milla.publicvm.com:5050
Mutex: 8a1729b26bbe40d8
Attributes:
  reg_key: 8a1729b26bbe40d8
  splitter: @!#&^%$
Signatures

suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

Suspicious use of AdjustPrivilegeToken (33 IoCs)
Processes: D8F6CADD686AEF1423100DAE9231C47D.exe

description                        pid   process
Token: SeDebugPrivilege            1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: 33                          1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: SeIncBasePriorityPrivilege  1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: 33                          1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: SeIncBasePriorityPrivilege  1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: 33                          1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: SeIncBasePriorityPrivilege  1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: 33                          1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: SeIncBasePriorityPrivilege  1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: 33                          1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: SeIncBasePriorityPrivilege  1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: 33                          1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: SeIncBasePriorityPrivilege  1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: 33                          1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: SeIncBasePriorityPrivilege  1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: 33                          1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: SeIncBasePriorityPrivilege  1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: 33                          1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: SeIncBasePriorityPrivilege  1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: 33                          1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: SeIncBasePriorityPrivilege  1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: 33                          1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: SeIncBasePriorityPrivilege  1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: 33                          1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: SeIncBasePriorityPrivilege  1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: 33                          1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: SeIncBasePriorityPrivilege  1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: 33                          1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: SeIncBasePriorityPrivilege  1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: 33                          1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: SeIncBasePriorityPrivilege  1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: 33                          1092  D8F6CADD686AEF1423100DAE9231C47D.exe
Token: SeIncBasePriorityPrivilege  1092  D8F6CADD686AEF1423100DAE9231C47D.exe