njrat | a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb

General

Target

a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Size

469KB
MD5

c6dadfa2458bb2fcec4e19030216878b
SHA1

a39845ecc03954bcb0846c23ff33ada6875f1719
SHA256

a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb
SHA512

93a4ab3454c375de550d7497a9424e6500d77c08b1e6018fdbf080bc056f9da74fb4ebdfa691d2b4fe5997060913a6d5a62a231c0b881b58c0c79ce763ba5562

Score

10^/10

njrat trojan

Malware Config

Extracted

Family

njrat

C2

ilfuoco.crabdance.com:1606

Mutex

2cdbd061ab

Attributes

reg_key
2cdbd061ab
splitter
@!#&^%$

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Suspicious use of AdjustPrivilegeToken 35 IoCs

Processes:

a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe

description	pid	process
Token: SeDebugPrivilege	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: 33	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
Token: SeIncBasePriorityPrivilege	2484	a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe

C:\Users\Admin\AppData\Local\Temp\a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe
"C:\Users\Admin\AppData\Local\Temp\a31b7234f02625dcaa13aa622166c1f2b9292f92ff4375b5baddf31225b785eb.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2484-115-0x000002069C620000-0x000002069C621000-memory.dmp

Filesize
4KB

Download
memory/2484-117-0x00000206B6B30000-0x00000206B6B32000-memory.dmp

Filesize
8KB

Download
memory/2484-118-0x00000206B6A40000-0x00000206B6AAD000-memory.dmp

Filesize
436KB

Download
memory/2484-119-0x00000206B6B40000-0x00000206B6FA3000-memory.dmp

Filesize
4.4MB

Download
memory/2484-120-0x00000206B6200000-0x00000206B6318000-memory.dmp

Filesize
1.1MB

Download
memory/2484-121-0x00000206B6320000-0x00000206B6366000-memory.dmp

Filesize
280KB

Download
memory/2484-122-0x000002069C9D0000-0x000002069C9E1000-memory.dmp

Filesize
68KB

Download
memory/2484-123-0x000002069C9B0000-0x000002069C9B6000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing