Analysis
max time kernel: 148s
max time network: 136s
platform: windows7_x64
resource: win7-20241010-en
submitted: 21/02/2025, 15:06

Static task: static1 (1 signature)
Behavioral task: behavioral1
Sample: SecuriteInfo.com.BackDoor.BXRatNET.1.23700.25706.dll
Resource: win7-20241010-en
3 signatures
150 seconds
General
Target: SecuriteInfo.com.BackDoor.BXRatNET.1.23700.25706.dll
Size: 636KB
MD5: 70d771de80d4eb91ea1fb57afac54335
SHA1: dc9912acc86ff6053f342ab62546e235e4fced70
SHA256: 57782ee01eda25c747e35f98eeab417cb9eb47c6bfff7c77a18e4edb063623ae
SHA512: 0374ef0c0b72d8bbdc164222105cc1a4f56866e06cd47c1eaf2119653367b18cf192587dd22afc08ddb20dbe7de23961a14a386c0f521ac17fa5818f433fc605
SSDEEP: 6144:uVfEtVeCR1EAXHt/GA7gTrCd3jNgmuZTQTdSmkBiLSbdUQXbo+HGt4m/:uVfEn6QHt/P8C3jcmTI93cn/
Malware Config
Signatures
Detect JanelaRAT payload (2 IoCs)
resource                                                                    yara_rule
behavioral1/memory/2100-2-0x000000001ACE0000-0x000000001AD88000-memory.dmp  family_janelarat
behavioral1/memory/2100-3-0x0000000001EE0000-0x0000000001F88000-memory.dmp  family_janelarat
Janelarat family
Blocklisted process makes network request (1 IoC)
flow  pid   Process
4     2100  rundll32.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid   Process
2100  rundll32.exe  (the same pid/process entry is listed 64 times)
Suspicious use of AdjustPrivilegeToken (1 IoC)
description              pid   Process
Token: SeDebugPrivilege  2100  rundll32.exe