Resubmissions

04-01-2023 16:49

230104-vbm8racc4z 10

04-01-2023 12:54

230104-p49pkaff72 10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-01-2023 12:54

General

  • Target

    bI5I.exe

  • Size

    25KB

  • MD5

    6e09d0b1cab55f424bfe35bc8506b731

  • SHA1

    96686edf4bcc7b9d6a4f2fc4d4090f636291b13a

  • SHA256

    3099206cb7db28552e5614d387e390516eb193259b400c2f6c9197e3d509b592

  • SHA512

    f8e3a93cb5651641b61528b59d05a6e4645eb8db236dd220856cd96aef89c3334fed336b38e42f6dc38e2f67f344cb985fa516a9436394901eeac2f41fc51d53

  • SSDEEP

    384:eLhzkaJcPknNlxlehKNOYUikkdIVYlvM3iY2OzRLTm3yilqq6xpBtVvZ:IK0cu3reOELGlvqisFBVvZ

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7d By Pjoao1578

Botnet

HacKed

C2

https://pastebin.com/raw/H9hfZYSE:7000

Mutex

6a2634340fbf8a0a2c038c6263d49fd1

Attributes
  • reg_key

    6a2634340fbf8a0a2c038c6263d49fd1

  • splitter

    |'|'|

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bI5I.exe
    "C:\Users\Admin\AppData\Local\Temp\bI5I.exe"
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    PID:1636

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1636-54-0x0000000000E20000-0x0000000000E2C000-memory.dmp

    Filesize

    48KB

  • memory/1636-55-0x00000000762F1000-0x00000000762F3000-memory.dmp

    Filesize

    8KB