Overview

overview

10

Static

static

10

Server.exe

windows7-x64

10

Server.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    296s
  • max time network
    302s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2024, 05:10 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Server.exe

  • Size

    43KB

  • MD5

    d9dcbd5ca89e7a8e76691c7dca8046c3

  • SHA1

    51036c72c965a41c994bcc6d24d943eebf471c35

  • SHA256

    177954bd295446d67974df22cae9c9d106cce8af9286ef287f1faaf51c1a8255

  • SHA512

    d6ed3f468d1969521b78dd0781730ee77dbf473e5423905e76a0314bd2744e1fcb08ad931b7dc5a89b6def3bd90356400b00c4f73bdeb8a349817094a40d8d69

  • SSDEEP

    384:IZyZcg98NaIyrtdd32E68ETiE7QzsIij+ZsNO3PlpJKkkjh/TzF7pWnXmgreT0pO:+4ywFrLd32HfquXQ/ouC+L

Score
10/10
njrathackeddiscoverytrojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

6.tcp.eu.ngrok.io:11237

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Signatures

  • Njrat family
    njrat
  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Server.exe
    "C:\Users\Admin\AppData\Local\Temp\Server.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:744

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    154.239.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    154.239.44.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    134.130.81.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    134.130.81.91.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    6.tcp.eu.ngrok.io
    Server.exe
    Remote address:
    8.8.8.8:53
    Request
    6.tcp.eu.ngrok.io
    IN A
    Response
    6.tcp.eu.ngrok.io
    IN A
    18.197.239.109
  • flag-us
    DNS
    109.239.197.18.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    109.239.197.18.in-addr.arpa
    IN PTR
    Response
    109.239.197.18.in-addr.arpa
    IN PTR
    ec2-18-197-239-109 eu-central-1compute amazonawscom
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    197.87.175.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    197.87.175.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    181.129.81.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    181.129.81.91.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    88.210.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.210.23.2.in-addr.arpa
    IN PTR
    Response
    88.210.23.2.in-addr.arpa
    IN PTR
    a2-23-210-88deploystaticakamaitechnologiescom
  • flag-us
    DNS
    6.tcp.eu.ngrok.io
    Server.exe
    Remote address:
    8.8.8.8:53
    Request
    6.tcp.eu.ngrok.io
    IN A
    Response
    6.tcp.eu.ngrok.io
    IN A
    3.66.38.117
  • flag-us
    DNS
    83.210.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    83.210.23.2.in-addr.arpa
    IN PTR
    Response
    83.210.23.2.in-addr.arpa
    IN PTR
    a2-23-210-83deploystaticakamaitechnologiescom
  • flag-us
    DNS
    30.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    30.243.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    6.tcp.eu.ngrok.io
    Server.exe
    Remote address:
    8.8.8.8:53
    Request
    6.tcp.eu.ngrok.io
    IN A
    Response
    6.tcp.eu.ngrok.io
    IN A
    3.68.171.119
  • flag-us
    DNS
    6.tcp.eu.ngrok.io
    Server.exe
    Remote address:
    8.8.8.8:53
    Request
    6.tcp.eu.ngrok.io
    IN A
    Response
    6.tcp.eu.ngrok.io
    IN A
    3.66.38.117
  • flag-us
    DNS
    6.tcp.eu.ngrok.io
    Server.exe
    Remote address:
    8.8.8.8:53
    Request
    6.tcp.eu.ngrok.io
    IN A
    Response
    6.tcp.eu.ngrok.io
    IN A
    3.69.157.220
  • flag-us
    DNS
    6.tcp.eu.ngrok.io
    Server.exe
    Remote address:
    8.8.8.8:53
    Request
    6.tcp.eu.ngrok.io
    IN A
    Response
    6.tcp.eu.ngrok.io
    IN A
    52.28.247.255
  • flag-us
    DNS
    6.tcp.eu.ngrok.io
    Server.exe
    Remote address:
    8.8.8.8:53
    Request
    6.tcp.eu.ngrok.io
    IN A
    Response
    6.tcp.eu.ngrok.io
    IN A
    52.28.247.255
  • flag-us
    DNS
    6.tcp.eu.ngrok.io
    Server.exe
    Remote address:
    8.8.8.8:53
    Request
    6.tcp.eu.ngrok.io
    IN A
    Response
    6.tcp.eu.ngrok.io
    IN A
    3.68.171.119
  • 18.197.239.109:11237
    6.tcp.eu.ngrok.io
    Server.exe
    374 B
     383 B
     4
    4
  • 18.197.239.109:11237
    6.tcp.eu.ngrok.io
    Server.exe
    374 B
     383 B
     4
    4
  • 18.197.239.109:11237
    6.tcp.eu.ngrok.io
    Server.exe
    374 B
     383 B
     4
    4
  • 18.197.239.109:11237
    6.tcp.eu.ngrok.io
    Server.exe
    374 B
     383 B
     4
    4
  • 18.197.239.109:11237
    6.tcp.eu.ngrok.io
    Server.exe
    374 B
     383 B
     4
    4
  • 18.197.239.109:11237
    6.tcp.eu.ngrok.io
    Server.exe
    374 B
     383 B
     4
    4
  • 18.197.239.109:11237
    6.tcp.eu.ngrok.io
    Server.exe
    374 B
     383 B
     4
    4
  • 18.197.239.109:11237
    6.tcp.eu.ngrok.io
    Server.exe
    374 B
     383 B
     4
    4
  • 18.197.239.109:11237
    6.tcp.eu.ngrok.io
    Server.exe
    374 B
     383 B
     4
    4
  • 18.197.239.109:11237
    6.tcp.eu.ngrok.io
    Server.exe
    374 B
     383 B
     4
    4
  • 18.197.239.109:11237
    6.tcp.eu.ngrok.io
    Server.exe
    374 B
     383 B
     4
    4
  • 18.197.239.109:11237
    6.tcp.eu.ngrok.io
    Server.exe
    374 B
     383 B
     4
    4
  • 18.197.239.109:11237
    6.tcp.eu.ngrok.io
    Server.exe
    374 B
     383 B
     4
    4
  • 18.197.239.109:11237
    6.tcp.eu.ngrok.io
    Server.exe
    374 B
     383 B
     4
    4
  • 18.197.239.109:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 18.197.239.109:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 18.197.239.109:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 18.197.239.109:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 18.197.239.109:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 18.197.239.109:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 18.197.239.109:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.66.38.117:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     160 B
     5
    4
  • 3.66.38.117:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     160 B
     5
    4
  • 3.66.38.117:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.66.38.117:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.66.38.117:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.66.38.117:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.66.38.117:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.66.38.117:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.66.38.117:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.66.38.117:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.68.171.119:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.68.171.119:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.68.171.119:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.66.38.117:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.69.157.220:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.69.157.220:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.69.157.220:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.69.157.220:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.69.157.220:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.69.157.220:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.69.157.220:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.69.157.220:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.69.157.220:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.69.157.220:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.69.157.220:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.69.157.220:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.69.157.220:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.69.157.220:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.69.157.220:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 52.28.247.255:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 52.28.247.255:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 52.28.247.255:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 52.28.247.255:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 52.28.247.255:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 52.28.247.255:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 52.28.247.255:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     80 B
     5
    2
  • 52.28.247.255:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 52.28.247.255:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 52.28.247.255:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 52.28.247.255:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 52.28.247.255:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 52.28.247.255:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.68.171.119:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.68.171.119:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.68.171.119:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.68.171.119:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.68.171.119:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.68.171.119:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.68.171.119:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 3.68.171.119:11237
    6.tcp.eu.ngrok.io
    Server.exe
    260 B
     200 B
     5
    5
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    154.239.44.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    154.239.44.20.in-addr.arpa

  • 8.8.8.8:53
    134.130.81.91.in-addr.arpa
    dns
    72 B
     147 B
     1
    1

    DNS Request

    134.130.81.91.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    6.tcp.eu.ngrok.io
    dns
    Server.exe
    63 B
     79 B
     1
    1

    DNS Request

    6.tcp.eu.ngrok.io

    DNS Response

    18.197.239.109

  • 8.8.8.8:53
    109.239.197.18.in-addr.arpa
    dns
    73 B
     140 B
     1
    1

    DNS Request

    109.239.197.18.in-addr.arpa

  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    197.87.175.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    197.87.175.4.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    181.129.81.91.in-addr.arpa
    dns
    72 B
     147 B
     1
    1

    DNS Request

    181.129.81.91.in-addr.arpa

  • 8.8.8.8:53
    88.210.23.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    88.210.23.2.in-addr.arpa

  • 8.8.8.8:53
    6.tcp.eu.ngrok.io
    dns
    Server.exe
    63 B
     79 B
     1
    1

    DNS Request

    6.tcp.eu.ngrok.io

    DNS Response

    3.66.38.117

  • 8.8.8.8:53
    83.210.23.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    83.210.23.2.in-addr.arpa

  • 8.8.8.8:53
    30.243.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    30.243.111.52.in-addr.arpa

  • 8.8.8.8:53
    6.tcp.eu.ngrok.io
    dns
    Server.exe
    63 B
     79 B
     1
    1

    DNS Request

    6.tcp.eu.ngrok.io

    DNS Response

    3.68.171.119

  • 8.8.8.8:53
    6.tcp.eu.ngrok.io
    dns
    Server.exe
    63 B
     79 B
     1
    1

    DNS Request

    6.tcp.eu.ngrok.io

    DNS Response

    3.66.38.117

  • 8.8.8.8:53
    6.tcp.eu.ngrok.io
    dns
    Server.exe
    63 B
     79 B
     1
    1

    DNS Request

    6.tcp.eu.ngrok.io

    DNS Response

    3.69.157.220

  • 8.8.8.8:53
    6.tcp.eu.ngrok.io
    dns
    Server.exe
    63 B
     79 B
     1
    1

    DNS Request

    6.tcp.eu.ngrok.io

    DNS Response

    52.28.247.255

  • 8.8.8.8:53
    6.tcp.eu.ngrok.io
    dns
    Server.exe
    63 B
     79 B
     1
    1

    DNS Request

    6.tcp.eu.ngrok.io

    DNS Response

    52.28.247.255

  • 8.8.8.8:53
    6.tcp.eu.ngrok.io
    dns
    Server.exe
    63 B
     79 B
     1
    1

    DNS Request

    6.tcp.eu.ngrok.io

    DNS Response

    3.68.171.119

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/744-0-0x0000000074FBE000-0x0000000074FBF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/744-1-0x0000000000CB0000-0x0000000000CC2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/744-2-0x0000000005690000-0x000000000572C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/744-3-0x0000000005FB0000-0x0000000006554000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/744-5-0x0000000005AA0000-0x0000000005B32000-memory.dmp

    Filesize

    584KB

    Download

  • memory/744-4-0x0000000074FB0000-0x0000000075760000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/744-6-0x0000000005A80000-0x0000000005A8A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/744-7-0x0000000005CC0000-0x0000000005D26000-memory.dmp

    Filesize

    408KB

    Download

  • memory/744-8-0x0000000006BF0000-0x0000000006C08000-memory.dmp

    Filesize

    96KB

    Download

  • memory/744-9-0x0000000074FBE000-0x0000000074FBF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/744-10-0x0000000074FB0000-0x0000000075760000-memory.dmp

    Filesize

    7.7MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.