njrat | 5f642f451951dd1fce7cd9823fb75e84a8ed48fe41b0603b2977cd4495d2ce95

Analysis

max time kernel
37s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 09:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f642f451951dd1fce7cd9823fb75e84a8ed48fe41b0603b2977cd4495d2ce95.exe
Size

28KB
MD5

81fd6e65a42340fe488bcb6a64b5e858
SHA1

09a6c3c7a77a863e9ec34a098964218c1903c22e
SHA256

5f642f451951dd1fce7cd9823fb75e84a8ed48fe41b0603b2977cd4495d2ce95
SHA512

023c97872399ede269f35a56f21f18d00e45810dec5976e75bc18340ee5401c7fa3e19f81b39fa2891cafa870116264b6353c4f71d69cae1f09ac7f4c116f3ca
SSDEEP

768:YbH0HOuAwHVGo67i9OggI6G62Vo0LM+dbbc7:Z6NrkQUbY

Score

10^/10

njrat trojan

Malware Config

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat
Executes dropped EXE 1 IoCs

Processes:

Trojan.exe

pid process

1988 Trojan.exe
Loads dropped DLL 1 IoCs

Processes:

5f642f451951dd1fce7cd9823fb75e84a8ed48fe41b0603b2977cd4495d2ce95.exe

pid process

1764 5f642f451951dd1fce7cd9823fb75e84a8ed48fe41b0603b2977cd4495d2ce95.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
1988	Trojan.exe

pid	process
1764	5f642f451951dd1fce7cd9823fb75e84a8ed48fe41b0603b2977cd4495d2ce95.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

5f642f451951dd1fce7cd9823fb75e84a8ed48fe41b0603b2977cd4495d2ce95.exe

description	pid	process	target process
PID 1764 wrote to memory of 1988	1764	5f642f451951dd1fce7cd9823fb75e84a8ed48fe41b0603b2977cd4495d2ce95.exe	Trojan.exe
PID 1764 wrote to memory of 1988	1764	5f642f451951dd1fce7cd9823fb75e84a8ed48fe41b0603b2977cd4495d2ce95.exe	Trojan.exe
PID 1764 wrote to memory of 1988	1764	5f642f451951dd1fce7cd9823fb75e84a8ed48fe41b0603b2977cd4495d2ce95.exe	Trojan.exe
PID 1764 wrote to memory of 1988	1764	5f642f451951dd1fce7cd9823fb75e84a8ed48fe41b0603b2977cd4495d2ce95.exe	Trojan.exe

C:\Users\Admin\AppData\Local\Temp\5f642f451951dd1fce7cd9823fb75e84a8ed48fe41b0603b2977cd4495d2ce95.exe
"C:\Users\Admin\AppData\Local\Temp\5f642f451951dd1fce7cd9823fb75e84a8ed48fe41b0603b2977cd4495d2ce95.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1764

C:\Users\Admin\AppData\Local\Temp\Trojan.exe
"C:\Users\Admin\AppData\Local\Temp\Trojan.exe"
2⤵
- Executes dropped EXE
PID:1988

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Trojan.exe
Filesize
28KB

MD5
81fd6e65a42340fe488bcb6a64b5e858

SHA1
09a6c3c7a77a863e9ec34a098964218c1903c22e

SHA256
5f642f451951dd1fce7cd9823fb75e84a8ed48fe41b0603b2977cd4495d2ce95

SHA512
023c97872399ede269f35a56f21f18d00e45810dec5976e75bc18340ee5401c7fa3e19f81b39fa2891cafa870116264b6353c4f71d69cae1f09ac7f4c116f3ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Trojan.exe
Filesize
28KB

MD5
81fd6e65a42340fe488bcb6a64b5e858

SHA1
09a6c3c7a77a863e9ec34a098964218c1903c22e

SHA256
5f642f451951dd1fce7cd9823fb75e84a8ed48fe41b0603b2977cd4495d2ce95

SHA512
023c97872399ede269f35a56f21f18d00e45810dec5976e75bc18340ee5401c7fa3e19f81b39fa2891cafa870116264b6353c4f71d69cae1f09ac7f4c116f3ca

Download Submit
\Users\Admin\AppData\Local\Temp\Trojan.exe
Filesize
28KB

MD5
81fd6e65a42340fe488bcb6a64b5e858

SHA1
09a6c3c7a77a863e9ec34a098964218c1903c22e

SHA256
5f642f451951dd1fce7cd9823fb75e84a8ed48fe41b0603b2977cd4495d2ce95

SHA512
023c97872399ede269f35a56f21f18d00e45810dec5976e75bc18340ee5401c7fa3e19f81b39fa2891cafa870116264b6353c4f71d69cae1f09ac7f4c116f3ca

Download Submit
memory/1764-54-0x0000000075FC1000-0x0000000075FC3000-memory.dmp

Filesize
8KB

Download
memory/1764-55-0x0000000074200000-0x00000000747AB000-memory.dmp

Filesize
5.7MB

Download
memory/1764-62-0x0000000074200000-0x00000000747AB000-memory.dmp

Filesize
5.7MB

Download
memory/1988-57-0x0000000000000000-mapping.dmp

Download
memory/1988-61-0x0000000074200000-0x00000000747AB000-memory.dmp

Filesize
5.7MB

Download
memory/1988-63-0x0000000074200000-0x00000000747AB000-memory.dmp

Filesize
5.7MB

Download