Overview

overview

10

Static

static

10

508dbdf333...81.exe

windows7_x64

10

508dbdf333...81.exe

windows10_x64

10

Analysis

  • max time kernel
    152s
  • max time network
    152s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    02-12-2021 08:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    508dbdf33362da23088dc438a6685681.exe

  • Size

    31KB

  • MD5

    508dbdf33362da23088dc438a6685681

  • SHA1

    33ecad58c258c5cd896027811c6fa0f42564255b

  • SHA256

    2e15758b43bd03a317325eeb94461dd3aa146c9db3e6c31b8e9dda441f1ba4b3

  • SHA512

    9d643c60e94ec113b78d5dccef135d94b5dc6d5e8896aa44f7997ba8ee8150a5a3999d580fdd4f6e7fcf6e90195859022e4237fbcb073b32d8510fef4c723c6b

Score
10/10
njratevasiontrojan

Malware Config

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Modifies Windows Firewall 1 TTPs
    evasion
  • Suspicious use of AdjustPrivilegeToken 33 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\508dbdf33362da23088dc438a6685681.exe
    "C:\Users\Admin\AppData\Local\Temp\508dbdf33362da23088dc438a6685681.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:912
    • C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\508dbdf33362da23088dc438a6685681.exe" "508dbdf33362da23088dc438a6685681.exe" ENABLE
      2⤵
        PID:3352

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/912-115-0x0000000001700000-0x0000000001701000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3352-116-0x0000000000000000-mapping.dmp

      Download