Analysis
max time kernel: 149s
max time network: 132s
platform: windows10-2004_x64
resource: win10v2004-20250217-en
submitted: 21/02/2025, 15:06

Static task: static1 (1 signature)

Behavioral task: behavioral1
Sample: SecuriteInfo.com.BackDoor.BXRatNET.1.23700.25706.dll
Resource: win7-20241010-en
3 signatures, 150 seconds
General
Target: SecuriteInfo.com.BackDoor.BXRatNET.1.23700.25706.dll
Size: 636KB
MD5: 70d771de80d4eb91ea1fb57afac54335
SHA1: dc9912acc86ff6053f342ab62546e235e4fced70
SHA256: 57782ee01eda25c747e35f98eeab417cb9eb47c6bfff7c77a18e4edb063623ae
SHA512: 0374ef0c0b72d8bbdc164222105cc1a4f56866e06cd47c1eaf2119653367b18cf192587dd22afc08ddb20dbe7de23961a14a386c0f521ac17fa5818f433fc605
SSDEEP: 6144:uVfEtVeCR1EAXHt/GA7gTrCd3jNgmuZTQTdSmkBiLSbdUQXbo+HGt4m/:uVfEn6QHt/P8C3jcmTI93cn/
Malware Config
Signatures

Detect JanelaRAT payload (2 IoCs)
resource                                                                    yara_rule
behavioral2/memory/1840-2-0x0000000000E20000-0x0000000000EC8000-memory.dmp  family_janelarat
behavioral2/memory/1840-3-0x000000005F270000-0x000000005F318000-memory.dmp  family_janelarat

Janelarat family

Blocklisted process makes network request (1 IoC)
flow  pid   Process
17    1840  rundll32.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid   Process
1840  rundll32.exe (64 events, all from the same pid)

Suspicious use of AdjustPrivilegeToken (1 IoC)
description              pid   Process
Token: SeDebugPrivilege  1840  rundll32.exe
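The signature tables above are flat rows keyed by pid. The script below is an added worked example, not part of the original report or of the sandbox vendor's tooling: it parses the memory-dump resource names (task/pid/dump index/region base/region end) from the YARA hits, then groups the behavioural signals per process and derives a verdict. The dump names, pid 1840, rundll32.exe, flow 17 and SeDebugPrivilege are copied from the report; the event list is constructed in the shape of those tables so it runs offline, and the scoring rule (a DLL-hosting proxy process that reaches the network, holds SeDebugPrivilege and enumerates processes is suspicious; a family rule hit in its memory is malicious) is an assumption for illustration, not the sandbox's own logic.

```python
"""Turn flat sandbox signature tables into per-process findings.

Added example; the scoring rule and the PROXY_HOSTS set are assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# YARA hit resource names exactly as listed under "Detect JanelaRAT payload".
MEMORY_DUMP_HITS = [
    ("behavioral2/memory/1840-2-0x0000000000E20000-0x0000000000EC8000-memory.dmp", "family_janelarat"),
    ("behavioral2/memory/1840-3-0x000000005F270000-0x000000005F318000-memory.dmp", "family_janelarat"),
]

# <task>/memory/<pid>-<dump index>-<region base>-<region end>-memory.dmp
DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<idx>\d+)"
    r"-0x(?P<base>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class MemoryRegion:
    task: str
    pid: int
    index: int
    base: int
    end: int
    rule: str

    @property
    def size(self) -> int:
        """Byte length of the dumped region (end - base)."""
        return self.end - self.base

    @property
    def family(self) -> str:
        """'family_janelarat' -> 'janelarat'; other rule names are kept as-is."""
        return self.rule[len("family_"):] if self.rule.startswith("family_") else self.rule


def parse_dump_name(path: str, rule: str) -> MemoryRegion:
    m = DUMP_RE.match(path)
    if m is None:
        raise ValueError(f"not a memory dump resource name: {path!r}")
    return MemoryRegion(task=m["task"], pid=int(m["pid"]), index=int(m["idx"]),
                        base=int(m["base"], 16), end=int(m["end"], 16), rule=rule)


# Constructed events mirroring the three behavioural signatures in the report:
# one network flow, 64 process-enumeration events, one token adjustment.
EVENTS = (
    [{"sig": "network_request", "pid": 1840, "process": "rundll32.exe", "flow": 17}]
    + [{"sig": "enumerates_processes", "pid": 1840, "process": "rundll32.exe"}] * 64
    + [{"sig": "adjust_privilege_token", "pid": 1840, "process": "rundll32.exe",
        "token": "SeDebugPrivilege"}]
)

# Assumption: these hosts exist to load a DLL and should not themselves talk to
# the network or request debug rights.
PROXY_HOSTS = {"rundll32.exe", "regsvr32.exe"}


def verdict(f) -> str:
    """'malicious' on a family YARA hit in memory, 'suspicious' on proxy-host
    abuse (network + SeDebugPrivilege + process enumeration), else 'clean'."""
    if f["families"]:
        return "malicious"
    proxy_abuse = (f["process"] in PROXY_HOSTS and f["network_flows"]
                   and "SeDebugPrivilege" in f["tokens"] and f["enumerates_processes"])
    return "suspicious" if proxy_abuse else "clean"


def triage(events, dump_hits):
    """Group sandbox signals by pid and attach a verdict to each process."""
    findings = defaultdict(lambda: {
        "process": None, "network_flows": [], "enumerates_processes": 0,
        "tokens": set(), "families": set(), "dumped_bytes": 0,
    })
    for ev in events:
        f = findings[ev["pid"]]
        f["process"] = ev["process"]
        if ev["sig"] == "network_request":
            f["network_flows"].append(ev["flow"])
        elif ev["sig"] == "enumerates_processes":
            f["enumerates_processes"] += 1
        elif ev["sig"] == "adjust_privilege_token":
            f["tokens"].add(ev["token"])
    for path, rule in dump_hits:
        region = parse_dump_name(path, rule)
        f = findings[region.pid]
        f["families"].add(region.family)
        f["dumped_bytes"] += region.size
    for f in findings.values():
        f["verdict"] = verdict(f)
    return dict(findings)


if __name__ == "__main__":
    for pid, f in triage(EVENTS, MEMORY_DUMP_HITS).items():
        print(pid, f["process"], f["verdict"], sorted(f["families"]), hex(f["dumped_bytes"]))
```

Both dumped regions parse to the same length, 0xA8000 bytes, which is the kind of detail worth pulling out of the resource names before pivoting to the dumps themselves. Dropping the YARA hits from the input leaves the rundll32.exe behaviour alone, and the process still scores as suspicious, which is the point of keeping a behavioural rule beside the family signature.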