Overview

overview

10

Static

static

36702A0220...8B.exe

windows7_x64

10

36702A0220...8B.exe

windows10_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    143s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    24-12-2021 21:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    36702A02201CEA4B0F0096758491FB058EF8D9A84D98B.exe

  • Size

    22KB

  • MD5

    f3d01e4949038741366e368d190fb95a

  • SHA1

    94ae951d78c1cc28a698b770839272d22b1d56f2

  • SHA256

    36702a02201cea4b0f0096758491fb058ef8d9a84d98bf93db3101ee1050276f

  • SHA512

    9a40115f50bd6e493c729b78df9af601428f29fa9b2bf101ff51100e4d0890e8104c7ae766472fa08a86db5b7f72f1b64656362a90f4a46db5f63b9105c172bb

Score
10/10
njratpersistencetrojan

Malware Config

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of AdjustPrivilegeToken 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\36702A02201CEA4B0F0096758491FB058EF8D9A84D98B.exe
    "C:\Users\Admin\AppData\Local\Temp\36702A02201CEA4B0F0096758491FB058EF8D9A84D98B.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    PID:4000

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4000-115-0x0000000000EF0000-0x0000000000EF2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4000-116-0x0000000000EF2000-0x0000000000EF4000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4000-117-0x0000000000EF4000-0x0000000000EF5000-memory.dmp

    Filesize

    4KB

    Download