Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
31-10-2023 07:08
General
-
Target
bRcl.exe
-
Size
23KB
-
MD5
4147636832178d0029c0728397c563e3
-
SHA1
4caa679de73f4733eef673228164f0e2da433ff7
-
SHA256
138f3ba0bc1a8074a50b7c2d6c219c573987495dd897e594549bd2950f5d4072
-
SHA512
1c24b5834cfb88f9d0e5faf377829fc826a72167a9704669657b5a5388d1bd14e667e0581ecda207e1fd27ec038944b9661dd8510de065fd0913c47c395ba397
-
SSDEEP
384:boWSkWHa55BgDVRGipkItzY6vZg36Eh7FpmRvR6JZlbw8hqIusZzZPF:0Juk9pHRpcnuK
Score
10/10
Malware Config
Signatures
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall 1 TTPs 1 IoCs
-
Drops startup file 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bRcl.exe"C:\Users\Admin\AppData\Local\Temp\bRcl.exe"1⤵
- Drops startup file
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\bRcl.exe" "bRcl.exe" ENABLE2⤵
- Modifies Windows Firewall
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4436-0-0x0000000074B60000-0x0000000075111000-memory.dmpFilesize
5.7MB
-
memory/4436-1-0x0000000074B60000-0x0000000075111000-memory.dmpFilesize
5.7MB
-
memory/4436-2-0x0000000000C00000-0x0000000000C10000-memory.dmpFilesize
64KB
-
memory/4436-3-0x0000000074B60000-0x0000000075111000-memory.dmpFilesize
5.7MB
-
memory/4436-4-0x0000000000C00000-0x0000000000C10000-memory.dmpFilesize
64KB
-
memory/4436-6-0x0000000000C00000-0x0000000000C10000-memory.dmpFilesize
64KB
-
memory/4436-7-0x0000000000C00000-0x0000000000C10000-memory.dmpFilesize
64KB