njrat | fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5

General

Target

fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Size

23KB
MD5

d7f7a907cd1dc1d34695759d4669409b
SHA1

794a8d38ea39cb0245cb06cc95d41ff9f2f9954e
SHA256

fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5
SHA512

1506939536d274197aff3ce27ee4a5b9422e37e71e68d7602e23ab69c35a3f8111029f742b64aa46f856a58ef183dae381926883d26eb78f2f6065db774e615b

Score

10^/10

njrat trojan

Malware Config

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Suspicious use of AdjustPrivilegeToken 35 IoCs

Processes:

fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe

description	pid	process
Token: SeDebugPrivilege	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: 33	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: SeIncBasePriorityPrivilege	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: 33	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: SeIncBasePriorityPrivilege	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: 33	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: SeIncBasePriorityPrivilege	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: 33	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: SeIncBasePriorityPrivilege	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: 33	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: SeIncBasePriorityPrivilege	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: 33	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: SeIncBasePriorityPrivilege	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: 33	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: SeIncBasePriorityPrivilege	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: 33	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: SeIncBasePriorityPrivilege	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: 33	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: SeIncBasePriorityPrivilege	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: 33	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: SeIncBasePriorityPrivilege	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: 33	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: SeIncBasePriorityPrivilege	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: 33	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: SeIncBasePriorityPrivilege	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: 33	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: SeIncBasePriorityPrivilege	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: 33	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: SeIncBasePriorityPrivilege	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: 33	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: SeIncBasePriorityPrivilege	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: 33	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: SeIncBasePriorityPrivilege	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: 33	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
Token: SeIncBasePriorityPrivilege	1588	fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe

C:\Users\Admin\AppData\Local\Temp\fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe
"C:\Users\Admin\AppData\Local\Temp\fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1588-54-0x0000000076151000-0x0000000076153000-memory.dmp

Filesize
8KB

Download
memory/1588-55-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads