njrat | aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423

General

Target

aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Size

991KB
MD5

71cf0b826a586a2c77eacfde791ec14e
SHA1

349a63989b801e1b9dee0960040ef7def96e28f6
SHA256

aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423
SHA512

eb7f487097dea3d90740bcb7751ea581a03a76c3e335a931515e3f66f7db94877587872a2bf385ee8d926283feee4ce151cdba22a77abcb3daa2ead0199d7171

Score

10^/10

njrat nyan cat trojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

septiembre2.duckdns.org:6633

Mutex

a2951ca84e184

Attributes

reg_key
a2951ca84e184
splitter
@!#&^%$

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Suspicious use of SetThreadContext 1 IoCs

Processes:

aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe

description	pid	process	target process
PID 2276 set thread context of 3508	2276	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe

pid	process
2276	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
2276	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
2276	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe

Suspicious use of AdjustPrivilegeToken 28 IoCs

Processes:

aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exeaae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe

description	pid	process
Token: SeDebugPrivilege	2276	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: SeDebugPrivilege	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: 33	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: SeIncBasePriorityPrivilege	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: 33	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: SeIncBasePriorityPrivilege	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: 33	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: SeIncBasePriorityPrivilege	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: 33	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: SeIncBasePriorityPrivilege	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: 33	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: SeIncBasePriorityPrivilege	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: 33	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: SeIncBasePriorityPrivilege	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: 33	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: SeIncBasePriorityPrivilege	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: 33	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: SeIncBasePriorityPrivilege	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: 33	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: SeIncBasePriorityPrivilege	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: 33	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: SeIncBasePriorityPrivilege	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: 33	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: SeIncBasePriorityPrivilege	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: 33	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: SeIncBasePriorityPrivilege	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: 33	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
Token: SeIncBasePriorityPrivilege	3508	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe

pid	process
2276	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
2276	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe

description	pid	process	target process
PID 2276 wrote to memory of 3508	2276	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
PID 2276 wrote to memory of 3508	2276	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
PID 2276 wrote to memory of 3508	2276	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
PID 2276 wrote to memory of 3508	2276	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
PID 2276 wrote to memory of 3508	2276	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
PID 2276 wrote to memory of 3508	2276	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
PID 2276 wrote to memory of 3508	2276	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
PID 2276 wrote to memory of 3508	2276	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe	aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe

C:\Users\Admin\AppData\Local\Temp\aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
"C:\Users\Admin\AppData\Local\Temp\aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2276

C:\Users\Admin\AppData\Local\Temp\aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe
"{path}"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:3508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\aae4a82e65e47dc719affd7bebb7cc9ce1095fefeb3039947c1375688f2a4423.exe.log
MD5
e66606ac29605c55484b2e0f9ee4a447

SHA1
4e226b60592e1addafae55034137ea8d5d0fb113

SHA256
51ea67e4068c37a73d878dfda2e9475e7ecb01ea5c422b13b71459db2d0942e9

SHA512
038139d200ba48d82a462dee57bab1dd0ca6d8180e20aef72b5d079c6010ce8d1041fbb49084e54deb205bcb9bf7ae92c6b6a0256908b48d08e5043e2148799b

Download Submit
memory/2276-123-0x0000000004B51000-0x0000000004B52000-memory.dmp

Filesize
4KB

Download
memory/2276-119-0x0000000004E00000-0x0000000004E01000-memory.dmp

Filesize
4KB

Download
memory/2276-126-0x0000000005C20000-0x0000000005C2E000-memory.dmp

Filesize
56KB

Download
memory/2276-127-0x000000007F6B0000-0x000000007F6B1000-memory.dmp

Filesize
4KB

Download
memory/2276-121-0x0000000004B50000-0x0000000004B51000-memory.dmp

Filesize
4KB

Download
memory/2276-122-0x0000000004D90000-0x0000000004D91000-memory.dmp

Filesize
4KB

Download
memory/2276-124-0x0000000004B52000-0x0000000004B53000-memory.dmp

Filesize
4KB

Download
memory/2276-115-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2276-125-0x0000000004B55000-0x0000000004B57000-memory.dmp

Filesize
8KB

Download
memory/2276-118-0x0000000005160000-0x0000000005161000-memory.dmp

Filesize
4KB

Download
memory/2276-120-0x0000000004EA0000-0x0000000004EA1000-memory.dmp

Filesize
4KB

Download
memory/2276-128-0x0000000006C90000-0x0000000006CEC000-memory.dmp

Filesize
368KB

Download
memory/2276-129-0x0000000004AA0000-0x0000000004AAA000-memory.dmp

Filesize
40KB

Download
memory/2276-117-0x0000000004970000-0x00000000049A1000-memory.dmp

Filesize
196KB

Download
memory/3508-131-0x000000000040676E-mapping.dmp

Download
memory/3508-130-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3508-138-0x0000000005560000-0x0000000005A5E000-memory.dmp

Filesize
5.0MB

Download
memory/3508-140-0x0000000005890000-0x0000000005891000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads