Overview

overview

10

Static

static

10

2e5a045992...e1.exe

windows7-x64

10

2e5a045992...e1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    157s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-10-2022 07:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2e5a045992e9c4484567533fd26794e1.exe

  • Size

    43KB

  • MD5

    2e5a045992e9c4484567533fd26794e1

  • SHA1

    9519058a4bbbbc269bc23b270abf12c30b461701

  • SHA256

    aa6249c70448ad3d8f7c2555b5347408728dba237009f51066086729e680ba6c

  • SHA512

    f042ddcc21ee1daee8bfc0e78479c7211b95d80368efde45b6cb84c6b9c1f3807867874d58793358800a4eb72ab970e483d9bbcc8081323d99843313dab8043a

  • SSDEEP

    384:78ZygjqyCEFmVoyb37ilaY2EdizMgh+zEIij+ZsNO3PlpJKkkjh/TzF7pWnpmgrq:761jqyVAVlbLCHKQgWuXQ/ooC+L

Score
10/10
njrathackedtrojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

0.tcp.eu.ngrok.io:18211

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 31 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e5a045992e9c4484567533fd26794e1.exe
    "C:\Users\Admin\AppData\Local\Temp\2e5a045992e9c4484567533fd26794e1.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:2500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2500-132-0x0000000000FC0000-0x0000000000FD2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/2500-133-0x0000000005980000-0x0000000005A1C000-memory.dmp
    Filesize

    624KB

    Download
  • memory/2500-134-0x0000000006290000-0x0000000006834000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/2500-135-0x0000000005D80000-0x0000000005E12000-memory.dmp
    Filesize

    584KB

    Download
  • memory/2500-136-0x0000000005AB0000-0x0000000005ABA000-memory.dmp
    Filesize

    40KB

    Download