njrat | 0b2aef8463fb5a82c4946f071aa0343c562ddab2fcdc82b8147a9e29a79d79e0

Analysis

max time kernel
2s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
30-06-2022 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b2aef8463fb5a82c4946f071aa0343c562ddab2fcdc82b8147a9e29a79d79e0.exe
Size

29KB
MD5

0b91736e6d90f5b55e04882d0cedfa48
SHA1

c15bdf3df0a9eb1d7ffe88c9175f28e9687e6053
SHA256

0b2aef8463fb5a82c4946f071aa0343c562ddab2fcdc82b8147a9e29a79d79e0
SHA512

b4b5a02c2b053790867dea292d60a610ae360a4356784660bf5c2770c38b18ab7468049d0c029dacbe3ae3aec615aa78a09e5755691207e7d08ba34c0bcab69a

Score

10^/10

njrat evasion trojan

Malware Config

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat
Modifies Windows Firewall 1 TTPs 1 IoCs
evasion

Modify Existing Service
T1031

Processes:

netsh.exe

pid process

1344 netsh.exe

pid	process
1344	netsh.exe

C:\Users\Admin\AppData\Local\Temp\0b2aef8463fb5a82c4946f071aa0343c562ddab2fcdc82b8147a9e29a79d79e0.exe
"C:\Users\Admin\AppData\Local\Temp\0b2aef8463fb5a82c4946f071aa0343c562ddab2fcdc82b8147a9e29a79d79e0.exe"
1⤵
PID:1116

C:\Users\Admin\AppData\Local\Temp\sestm.exe
"C:\Users\Admin\AppData\Local\Temp\sestm.exe"
2⤵
PID:908

C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\sestm.exe" "sestm.exe" ENABLE
1⤵
- Modifies Windows Firewall
PID:1344

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\sestm.exe
Filesize
19KB

MD5
a107551b93bc314417ccb5544515fb07

SHA1
4f5e1e63d7e061ed1090f1a92836746b1d35156b

SHA256
702dafb8da158717048c1cbed0c0edd2cbcba7f6802054e21a7e9fbb22d725a3

SHA512
cd81bbebb89f7555c5c44a48b19b9a79ffe2c9ccb8e445070e8bdf6ea0ff891c67fe26e4e7dddcdb43a69fc6c6019d9821c4e2076cea8398235519a959c32fef

Download Submit
C:\Users\Admin\AppData\Local\Temp\sestm.exe
Filesize
8KB

MD5
3fb50ec9282a69134443a87b0001c30f

SHA1
1521c5812b18621b4c7753e42deb1d125c225d3f

SHA256
ebe3a32238f907f1ed127bc3c6b703159c68a13cd42d50bc5a3ee18ff813f9f2

SHA512
4b71bb01ee6cd99771b9fa37e19c4542db001e2ddc744b1ee6a76401df9b5f1f713d838833e6da00743301386766ef4f74a22956fa27a2421cf1a09921fb0975

Download Submit
\Users\Admin\AppData\Local\Temp\sestm.exe
Filesize
22KB

MD5
f24ddffd83f0de3cff27aec435841771

SHA1
1253afdabbe67abc5c351a694683d57108413946

SHA256
11c4848b284dcb5bd3282ecaf74378c75c68e4cb8b6d249a29d29606829d3be8

SHA512
0ee44bf2ffbd08feaec1ae7b410b6f0e33b4ded3599626aca349808840c8ebf43d667484ea5c749706b03c7129de251686f5a92d3d449c534a1ad7e8589b89c9

Download Submit
memory/908-56-0x0000000000000000-mapping.dmp

Download
memory/908-62-0x0000000074930000-0x0000000074EDB000-memory.dmp

Filesize
5.7MB

Download
memory/1116-54-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download
memory/1116-61-0x0000000074930000-0x0000000074EDB000-memory.dmp

Filesize
5.7MB

Download
memory/1344-60-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads