njrat | a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb

General

Target

a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Size

469KB
MD5

c6dadfa2458bb2fcec4e19030216878b
SHA1

a39845ecc03954bcb0846c23ff33ada6875f1719
SHA256

a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb
SHA512

93a4ab3454c375de550d7497a9424e6500d77c08b1e6018fdbf080bc056f9da74fb4ebdfa691d2b4fe5997060913a6d5a62a231c0b881b58c0c79ce763ba5562

Score

10^/10

njrat trojan

Malware Config

Extracted

Family

njrat

C2

ilfuoco.crabdance.com:1606

Mutex

2cdbd061ab

Attributes

reg_key
2cdbd061ab
splitter
@!#&^%$

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Suspicious use of AdjustPrivilegeToken 35 IoCs

Processes:

a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe

description	pid	process
Token: SeDebugPrivilege	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	1660	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe

C:\Users\Admin\AppData\Local\Temp\a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
"C:\Users\Admin\AppData\Local\Temp\a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1660-59-0x0000000001070000-0x0000000001071000-memory.dmp

Filesize
4KB

Download
memory/1660-61-0x0000000000330000-0x000000000039D000-memory.dmp

Filesize
436KB

Download
memory/1660-62-0x000000001B2F0000-0x000000001B2F2000-memory.dmp

Filesize
8KB

Download
memory/1660-63-0x000000001B650000-0x000000001BAB3000-memory.dmp

Filesize
4.4MB

Download
memory/1660-64-0x000000001A4F0000-0x000000001A608000-memory.dmp

Filesize
1.1MB

Download
memory/1660-65-0x00000000005F0000-0x0000000000636000-memory.dmp

Filesize
280KB

Download
memory/1660-66-0x00000000003A0000-0x00000000003B1000-memory.dmp

Filesize
68KB

Download
memory/1660-67-0x00000000003D0000-0x00000000003D6000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing