Overview

overview

10

Static

static

10

508dbdf333...81.exe

windows7_x64

10

508dbdf333...81.exe

windows10_x64

10

Analysis

  • max time kernel
    151s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-en-20211104
  • submitted
    02-12-2021 08:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    508dbdf33362da23088dc438a6685681.exe

  • Size

    31KB

  • MD5

    508dbdf33362da23088dc438a6685681

  • SHA1

    33ecad58c258c5cd896027811c6fa0f42564255b

  • SHA256

    2e15758b43bd03a317325eeb94461dd3aa146c9db3e6c31b8e9dda441f1ba4b3

  • SHA512

    9d643c60e94ec113b78d5dccef135d94b5dc6d5e8896aa44f7997ba8ee8150a5a3999d580fdd4f6e7fcf6e90195859022e4237fbcb073b32d8510fef4c723c6b

Score
10/10
njratevasiontrojan

Malware Config

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Modifies Windows Firewall 1 TTPs
    evasion
  • Suspicious use of AdjustPrivilegeToken 33 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\508dbdf33362da23088dc438a6685681.exe
    "C:\Users\Admin\AppData\Local\Temp\508dbdf33362da23088dc438a6685681.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\508dbdf33362da23088dc438a6685681.exe" "508dbdf33362da23088dc438a6685681.exe" ENABLE
      2⤵
        PID:1544

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1544-57-0x0000000000000000-mapping.dmp

      Download

    • memory/1992-55-0x0000000075D01000-0x0000000075D03000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1992-56-0x0000000000260000-0x0000000000261000-memory.dmp

      Filesize

      4KB

      Download