Overview

overview

10

Static

static

6a5f6fba52...8b.exe

windows7_x64

10

6a5f6fba52...8b.exe

windows10_x64

10

Analysis

  • max time kernel
    149s
  • max time network
    137s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    02-10-2021 03:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6a5f6fba52919a8f6f8e371284c3458b.exe

  • Size

    104KB

  • MD5

    6a5f6fba52919a8f6f8e371284c3458b

  • SHA1

    669cba3048a250fdb53c4a708ae7b92006072942

  • SHA256

    bd5fa7ccde2dbc145685b36d66c3c6161e7e780308bd6ec29666139908e7db26

  • SHA512

    5bb20db97e23e93a1c4a6e54bc0b13973012e04d71f4b3efd3e5e1ba691fb0d86a6fbd758446ceab7827be9cb790998d432ed4150d6ddbfdf17b7f8314386e13

Score
10/10
njratnyan catpersistencesuricatatrojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

paomarca.duckdns.org:2054

Mutex

fede6f9724

Attributes
  • reg_key

    fede6f9724

  • splitter

    @!#&^%$

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    suricata
  • Core1 .NET packer 1 IoCs

    Detects packer/loader used by .NET malware.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of AdjustPrivilegeToken 37 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6a5f6fba52919a8f6f8e371284c3458b.exe
    "C:\Users\Admin\AppData\Local\Temp\6a5f6fba52919a8f6f8e371284c3458b.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    PID:3464

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3464-115-0x0000000000F40000-0x0000000000F41000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3464-117-0x0000000001890000-0x00000000018B7000-memory.dmp
    Filesize

    156KB

    Download
  • memory/3464-118-0x0000000001840000-0x000000000185D000-memory.dmp
    Filesize

    116KB

    Download
  • memory/3464-119-0x0000000003A20000-0x0000000003A28000-memory.dmp
    Filesize

    32KB

    Download
  • memory/3464-120-0x0000000001880000-0x0000000001882000-memory.dmp
    Filesize

    8KB

    Download