njrat | 09f5ff5701d9c645272158ac98bcf3809d5b3f738c504b7725d61e09bf88ba03

General

Target

476717531291FDE85E1713AC91F245AD.exe
Size

657KB
MD5

476717531291fde85e1713ac91f245ad
SHA1

97ce0130c7097df02def7ee1b587109b8cc629fc
SHA256

09f5ff5701d9c645272158ac98bcf3809d5b3f738c504b7725d61e09bf88ba03
SHA512

ffd8c29fd9ea7ebd1f04f6b2adf15b95e17f705533823f551ffb829ff174687399d57b8f504bd8c4a1db9a7834316294520846c91c03cfbb30b861eee1a2cd62

Score

10^/10

njrat nyan cat trojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

ronymahmoud.ddns.net:5050

Mutex

ec82c14e01cd4702a0

Attributes

reg_key
ec82c14e01cd4702a0
splitter
@!#&^%$

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Suspicious use of AdjustPrivilegeToken 33 IoCs

Processes:

476717531291FDE85E1713AC91F245AD.exe

description	pid	process
Token: SeDebugPrivilege	2712	476717531291FDE85E1713AC91F245AD.exe
Token: 33	2712	476717531291FDE85E1713AC91F245AD.exe
Token: SeIncBasePriorityPrivilege	2712	476717531291FDE85E1713AC91F245AD.exe
Token: 33	2712	476717531291FDE85E1713AC91F245AD.exe
Token: SeIncBasePriorityPrivilege	2712	476717531291FDE85E1713AC91F245AD.exe
Token: 33	2712	476717531291FDE85E1713AC91F245AD.exe
Token: SeIncBasePriorityPrivilege	2712	476717531291FDE85E1713AC91F245AD.exe
Token: 33	2712	476717531291FDE85E1713AC91F245AD.exe
Token: SeIncBasePriorityPrivilege	2712	476717531291FDE85E1713AC91F245AD.exe
Token: 33	2712	476717531291FDE85E1713AC91F245AD.exe
Token: SeIncBasePriorityPrivilege	2712	476717531291FDE85E1713AC91F245AD.exe
Token: 33	2712	476717531291FDE85E1713AC91F245AD.exe
Token: SeIncBasePriorityPrivilege	2712	476717531291FDE85E1713AC91F245AD.exe
Token: 33	2712	476717531291FDE85E1713AC91F245AD.exe
Token: SeIncBasePriorityPrivilege	2712	476717531291FDE85E1713AC91F245AD.exe
Token: 33	2712	476717531291FDE85E1713AC91F245AD.exe
Token: SeIncBasePriorityPrivilege	2712	476717531291FDE85E1713AC91F245AD.exe
Token: 33	2712	476717531291FDE85E1713AC91F245AD.exe
Token: SeIncBasePriorityPrivilege	2712	476717531291FDE85E1713AC91F245AD.exe
Token: 33	2712	476717531291FDE85E1713AC91F245AD.exe
Token: SeIncBasePriorityPrivilege	2712	476717531291FDE85E1713AC91F245AD.exe
Token: 33	2712	476717531291FDE85E1713AC91F245AD.exe
Token: SeIncBasePriorityPrivilege	2712	476717531291FDE85E1713AC91F245AD.exe
Token: 33	2712	476717531291FDE85E1713AC91F245AD.exe
Token: SeIncBasePriorityPrivilege	2712	476717531291FDE85E1713AC91F245AD.exe
Token: 33	2712	476717531291FDE85E1713AC91F245AD.exe
Token: SeIncBasePriorityPrivilege	2712	476717531291FDE85E1713AC91F245AD.exe
Token: 33	2712	476717531291FDE85E1713AC91F245AD.exe
Token: SeIncBasePriorityPrivilege	2712	476717531291FDE85E1713AC91F245AD.exe
Token: 33	2712	476717531291FDE85E1713AC91F245AD.exe
Token: SeIncBasePriorityPrivilege	2712	476717531291FDE85E1713AC91F245AD.exe
Token: 33	2712	476717531291FDE85E1713AC91F245AD.exe
Token: SeIncBasePriorityPrivilege	2712	476717531291FDE85E1713AC91F245AD.exe

C:\Users\Admin\AppData\Local\Temp\476717531291FDE85E1713AC91F245AD.exe
"C:\Users\Admin\AppData\Local\Temp\476717531291FDE85E1713AC91F245AD.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2712-115-0x0000000000D30000-0x0000000000DDA000-memory.dmp

Filesize
680KB

Download
memory/2712-116-0x0000000000D30000-0x0000000000DDA000-memory.dmp

Filesize
680KB

Download
memory/2712-117-0x0000000005B60000-0x000000000605E000-memory.dmp

Filesize
5.0MB

Download
memory/2712-118-0x0000000005700000-0x0000000005792000-memory.dmp

Filesize
584KB

Download
memory/2712-119-0x00000000059B0000-0x0000000005A4C000-memory.dmp

Filesize
624KB

Download
memory/2712-120-0x0000000005610000-0x000000000561C000-memory.dmp

Filesize
48KB

Download
memory/2712-121-0x0000000003230000-0x0000000003231000-memory.dmp

Filesize
4KB

Download
memory/2712-122-0x0000000007A60000-0x0000000007AC6000-memory.dmp

Filesize
408KB

Download
memory/2712-123-0x0000000007F10000-0x0000000007F1A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing