njrat | 1e7043450b71b98a37f88078890513796d720e616d44f62368f1ca5ec057424e | Triage

Submit
Reports

Overview

overview

Static

static

3

1e7043450b...4e.exe

windows7-x64

1e7043450b...4e.exe

windows10-2004-x64

Sharing

General

Target

1e7043450b71b98a37f88078890513796d720e616d44f62368f1ca5ec057424e
Size

552KB
Sample

240910-yc84dssgmf
MD5

c4789f6cbdf66ba0e065a8f498568d11
SHA1

8cc353ffcbf2631d0420e55861f0a0e9e7cc7c7a
SHA256

1e7043450b71b98a37f88078890513796d720e616d44f62368f1ca5ec057424e
SHA512

6e5e5ffeb89e129b42f41658f4679dce427b71d828598943a0a268bdb8298a5feda00cda99d4dec82c9f59a70e79562f3e75f0e701e34e604e6d71679a9f5fcc
SSDEEP

12288:R32kYn9YFZBsws0rwfQpP9p/yFUk6l6X3cWCauQWannR8fc:RGk69IS0rw4pP9p416QMaBnRCc

Score

10^/10

njrat oct discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1e7043450b71b98a37f88078890513796d720e616d44f62368f1ca5ec057424e.exe

Resource

win7-20240903-en

njrat oct discovery trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1e7043450b71b98a37f88078890513796d720e616d44f62368f1ca5ec057424e.exe

Resource

win10v2004-20240802-en

njrat oct discovery trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

OCT

C2

film.royalprop.trade:8109

Mutex

update.exe

Attributes

reg_key
update.exe
splitter
0987

Targets

- Target
  
  1e7043450b71b98a37f88078890513796d720e616d44f62368f1ca5ec057424e
- Size
  
  552KB
- MD5
  
  c4789f6cbdf66ba0e065a8f498568d11
- SHA1
  
  8cc353ffcbf2631d0420e55861f0a0e9e7cc7c7a
- SHA256
  
  1e7043450b71b98a37f88078890513796d720e616d44f62368f1ca5ec057424e
- SHA512
  
  6e5e5ffeb89e129b42f41658f4679dce427b71d828598943a0a268bdb8298a5feda00cda99d4dec82c9f59a70e79562f3e75f0e701e34e604e6d71679a9f5fcc
- SSDEEP
  
  12288:R32kYn9YFZBsws0rwfQpP9p/yFUk6l6X3cWCauQWannR8fc:RGk69IS0rw4pP9p416QMaBnRCc
Score

10^/10

njrat oct discovery trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops startup file
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratoctdiscoverytrojan

behavioral2

njratoctdiscoverytrojan

© 2018-2025

Terms | Privacy