njrat | 0bdea16873ec63229169e9f1ecd3dcb4dd503b1db675b05dd0275072a01c75a2

Analysis

max time kernel
148s
max time network
144s
platform
windows7_x64
resource
win7-en-20211104
submitted
23-11-2021 01:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Size

23KB
MD5

c3b6d96864be68e11af041f42a6c07d1
SHA1

8d60415cae7e0f97fab89996d14f8532eca5148d
SHA256

0bdea16873ec63229169e9f1ecd3dcb4dd503b1db675b05dd0275072a01c75a2
SHA512

27fac593b619196b8469edcedd040d47ea52f8549e96a3cbe0e3a9802fbc0b386709a41a17320f24b40c758d0502b2fd007f566336239459429a42358d9174c3

Score

10^/10

njrat trojan

Malware Config

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Suspicious use of AdjustPrivilegeToken 33 IoCs

Processes:

0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe

description	pid	process
Token: SeDebugPrivilege	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: 33	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: SeIncBasePriorityPrivilege	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: 33	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: SeIncBasePriorityPrivilege	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: 33	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: SeIncBasePriorityPrivilege	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: 33	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: SeIncBasePriorityPrivilege	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: 33	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: SeIncBasePriorityPrivilege	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: 33	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: SeIncBasePriorityPrivilege	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: 33	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: SeIncBasePriorityPrivilege	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: 33	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: SeIncBasePriorityPrivilege	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: 33	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: SeIncBasePriorityPrivilege	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: 33	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: SeIncBasePriorityPrivilege	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: 33	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: SeIncBasePriorityPrivilege	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: 33	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: SeIncBasePriorityPrivilege	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: 33	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: SeIncBasePriorityPrivilege	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: 33	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: SeIncBasePriorityPrivilege	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: 33	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: SeIncBasePriorityPrivilege	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: 33	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
Token: SeIncBasePriorityPrivilege	672	0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe

C:\Users\Admin\AppData\Local\Temp\0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe
"C:\Users\Admin\AppData\Local\Temp\0BDEA16873EC63229169E9F1ECD3DCB4DD503B1DB675B.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/672-55-0x0000000076A21000-0x0000000076A23000-memory.dmp

Filesize
8KB

Download
memory/672-56-0x0000000000B10000-0x0000000000B11000-memory.dmp

Filesize
4KB

Download