njrat | 757d5c44cf044ca61b8402e96f8b8ae40e2cec3bd7fe7d78f24b77b44aa2ee95

Analysis

max time kernel
0s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 22:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e15599841999bf17e13b35c788489cd.exe
Size

124KB
MD5

1e15599841999bf17e13b35c788489cd
SHA1

21460a1c90ba2a8cb21e1419f10068b4ef4baa14
SHA256

757d5c44cf044ca61b8402e96f8b8ae40e2cec3bd7fe7d78f24b77b44aa2ee95
SHA512

154f7f8e2b85824b8bafa1c5ef589670031b58d4e1c037705fbd3deb08dfda8f10c96475f9859bbfcaf6ca081316569fad86e6764875ba997a67dc323c800267
SSDEEP

1536:mgJ+ABB2abuvLng2F6rhKTYCpqwJSzvOy9OqS:lIABEabqg2F6R

Score

10^/10

njrat kerieshka trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

Kerieshka

2.tcp.ngrok.io:10497

Mutex

95fdec38e3b8066027596a6d420c4af3

Attributes

reg_key
95fdec38e3b8066027596a6d420c4af3
splitter
|'|'|

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5084	1e15599841999bf17e13b35c788489cd.exe

C:\Users\Admin\AppData\Local\Temp\1e15599841999bf17e13b35c788489cd.exe
"C:\Users\Admin\AppData\Local\Temp\1e15599841999bf17e13b35c788489cd.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5084
- C:\Users\Admin\AppData\Local\Temp\AbcV.exe
  "C:\Users\Admin\AppData\Local\Temp\AbcV.exe"
  2⤵
  PID:2416

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
dw20.exe -x -s 828
1⤵
PID:4944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\AbcV.exe

Filesize
23KB

MD5
e6475bf552c65d5e8fc4e64db1bd11ec

SHA1
f466a639d753a7f1291d4f0bc9f85e60ea2e1798

SHA256
88dafdb7000c8e9b8a13f3e1de0ef50428afd6e2fd8a6f50aa3046186d01043d

SHA512
d4c156010ef1a2fe860983fe73fb96b2253868f6e9ebb64a3d9d7bc165fdc323be6eed374b61d8b5b6a06e532278897bfc5ddc2df663ca14a203fbe8cd4c6d46

Download Submit
C:\Users\Admin\AppData\Local\Temp\AbcV.exe

Filesize
31KB

MD5
b343538263fa16d592be9195d0a210f2

SHA1
6535c959cae53a3545330d1f384e5f13dd6fea8b

SHA256
6a42c99aa00b03d297b369510ad14da59b987680948cafb5415d39af33ec80c3

SHA512
8c97a46e5a4445cc8186d5ae035e69e0980e7d4fdc5b3c069eb617748416d2af704215764876f1814f7b62143c039255e374ad5f49a5c9f016f9a4f690c6c197

Download Submit
C:\Users\Admin\AppData\Local\Temp\AbcV.exe

Filesize
23KB

MD5
c7ab40747daff89ed32bad966dedd8a0

SHA1
2938a63a2102660f2c7a79b39d77f42641e4bb8b

SHA256
bcec2b4b8f6591f723ab9bf3336b358b348b218786d81475952f3e7c7e5e3e9a

SHA512
20dff98d9f131439b2cde45916955bbd84e40f7c2f1c57e5bb7567a27ef4f150ce6d14384e6189a5b2effe60f308873b5768a0c5dec0243591ee4d87503e8697

Download Submit
memory/2416-18-0x0000000000DE0000-0x0000000000DF0000-memory.dmp

Filesize
64KB

Download
memory/2416-26-0x00007FFEC2660000-0x00007FFEC3001000-memory.dmp

Filesize
9.6MB

Download
memory/2416-19-0x00007FFEC2660000-0x00007FFEC3001000-memory.dmp

Filesize
9.6MB

Download
memory/2416-17-0x00007FFEC2660000-0x00007FFEC3001000-memory.dmp

Filesize
9.6MB

Download
memory/2416-15-0x000000001B610000-0x000000001B630000-memory.dmp

Filesize
128KB

Download
memory/5084-1-0x0000000000B80000-0x0000000000B90000-memory.dmp

Filesize
64KB

Download
memory/5084-0-0x00007FFEC2660000-0x00007FFEC3001000-memory.dmp

Filesize
9.6MB

Download
memory/5084-16-0x00007FFEC2660000-0x00007FFEC3001000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads