Overview

overview

10

Static

static

10

bMY4.exe

windows7-x64

8

bMY4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/05/2023, 20:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bMY4.exe

  • Size

    23KB

  • MD5

    6871449a52e2076a89a6c9279fb35475

  • SHA1

    de600d1a6a97cd29bd977cd0db2bddfc2a403e63

  • SHA256

    3cb22c29fad4b8369e7c77f5b7d7bf81941cbe57bc5df6fcadff39810234ee31

  • SHA512

    f54d35b0c8d2978e074e9cd8bea8a63c866af5db49badf17f4b64ec60ddb044b5c571e1731de9673875510d859dce3443eec8cb7d10216073952c2a7852b9fea

  • SSDEEP

    384:ocqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZVVJP:X30py6vhxaRpcnu2

Score
10/10
njratevasiontrojan

Malware Config

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Modifies Windows Firewall 1 TTPs 1 IoCs
    evasion
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of AdjustPrivilegeToken 35 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bMY4.exe
    "C:\Users\Admin\AppData\Local\Temp\bMY4.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1000
    • C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\bMY4.exe" "bMY4.exe" ENABLE
      2⤵
      • Modifies Windows Firewall
      PID:2204

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1000-133-0x00000000010E0000-0x00000000010F0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1000-134-0x00000000010E0000-0x00000000010F0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1000-135-0x00000000010E0000-0x00000000010F0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1000-136-0x00000000010E0000-0x00000000010F0000-memory.dmp

          Filesize

          64KB

          Download