Analysis
-
max time kernel
147s -
max time network
152s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
11-09-2021 15:05
General
-
Target
D8F6CADD686AEF1423100DAE9231C47D.exe
-
Size
1.8MB
-
MD5
d8f6cadd686aef1423100dae9231c47d
-
SHA1
af46bfe9e441788fff35ca3613a805c23780a9fd
-
SHA256
8e38c9ed504d812b26fa8f6c5217127fdfa945da4ac74ebedbade7287fafd062
-
SHA512
466e25ecd6e418ed9451b56a1d680531f7973f5c0b5622c606d9e3ec16d7deba6b9fbee7e01335ecdfecb8eb59e678eb2332a8d99133ea42834c535b486fefe1
Score
10/10
Malware Config
Extracted
Family
njrat
Version
0.7NC
Botnet
NYAN CAT
C2
milla.publicvm.com:5050
Mutex
8a1729b26bbe40d8
Attributes
-
reg_key
8a1729b26bbe40d8
-
splitter
@!#&^%$
Signatures
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\D8F6CADD686AEF1423100DAE9231C47D.exe"C:\Users\Admin\AppData\Local\Temp\D8F6CADD686AEF1423100DAE9231C47D.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/396-114-0x00000000002F0000-0x00000000002F1000-memory.dmpFilesize
4KB
-
memory/396-116-0x00000000053B0000-0x00000000053B1000-memory.dmpFilesize
4KB
-
memory/396-117-0x0000000004EB0000-0x0000000004EB1000-memory.dmpFilesize
4KB
-
memory/396-118-0x0000000004F50000-0x0000000004F51000-memory.dmpFilesize
4KB
-
memory/396-119-0x0000000004E80000-0x0000000004E81000-memory.dmpFilesize
4KB
-
memory/396-120-0x0000000005120000-0x0000000005121000-memory.dmpFilesize
4KB
-
memory/396-121-0x0000000005110000-0x0000000005118000-memory.dmpFilesize
32KB
-
memory/396-122-0x0000000007360000-0x0000000007361000-memory.dmpFilesize
4KB