Analysis Overview
SHA256
ec19b1eba196b2f786419af500ded217741d352bf0c6f025a802a907e24f00da
Threat Level: Known bad
The file 97a0eb57238595a3e8098174f540f838 was found to be: Known bad.
Malicious Activity Summary
njRAT/Bladabindi
Unsigned PE
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-02-12 21:18
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-12 21:18
Reported
2024-02-12 21:21
Platform
win10v2004-20231215-en
Max time kernel
150s
Max time network
145s
Command Line
Signatures
njRAT/Bladabindi
Suspicious use of AdjustPrivilegeToken
Processes
C:\Users\Admin\AppData\Local\Temp\97a0eb57238595a3e8098174f540f838.exe
"C:\Users\Admin\AppData\Local\Temp\97a0eb57238595a3e8098174f540f838.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 138.91.171.81:80 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:4455 | tcp | |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:4455 | tcp | |
| US | 8.8.8.8:53 | 28.160.77.104.in-addr.arpa | udp |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| US | 8.8.8.8:53 | 16.234.44.23.in-addr.arpa | udp |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp |
Files
memory/744-0-0x0000000000490000-0x00000000004AE000-memory.dmp
memory/744-1-0x0000000074820000-0x0000000074FD0000-memory.dmp
memory/744-2-0x0000000004ED0000-0x0000000004F6C000-memory.dmp
memory/744-3-0x00000000028A0000-0x00000000028AC000-memory.dmp
memory/744-4-0x0000000004DC0000-0x0000000004DD0000-memory.dmp
memory/744-5-0x0000000005520000-0x0000000005AC4000-memory.dmp
memory/744-6-0x0000000005090000-0x0000000005122000-memory.dmp
memory/744-7-0x0000000005080000-0x000000000508A000-memory.dmp
memory/744-8-0x0000000074820000-0x0000000074FD0000-memory.dmp
memory/744-9-0x0000000004DC0000-0x0000000004DD0000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-12 21:18
Reported
2024-02-12 21:21
Platform
win7-20231215-en
Max time kernel
149s
Max time network
120s
Command Line
Signatures
njRAT/Bladabindi
Suspicious use of AdjustPrivilegeToken
Processes
C:\Users\Admin\AppData\Local\Temp\97a0eb57238595a3e8098174f540f838.exe
"C:\Users\Admin\AppData\Local\Temp\97a0eb57238595a3e8098174f540f838.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp | |
| N/A | 127.0.0.1:4455 | tcp |
Files
memory/1916-0-0x00000000013E0000-0x00000000013FE000-memory.dmp
memory/1916-1-0x0000000074240000-0x000000007492E000-memory.dmp
memory/1916-2-0x0000000000360000-0x000000000036C000-memory.dmp
memory/1916-3-0x0000000004980000-0x00000000049C0000-memory.dmp
memory/1916-4-0x0000000074240000-0x000000007492E000-memory.dmp
memory/1916-5-0x0000000004980000-0x00000000049C0000-memory.dmp