General

  • Target

    e1d05919dc9857ac80d2dfebcfdb8aded6d74d5fa29e786d076bf5403d6455f6N

  • Size

    552KB

  • Sample

    240930-ht2smswelc

  • MD5

    bb4985bd673d0458a4f52a155e0eb4c0

  • SHA1

    f009f6298dd924d3c3de26f6a5a17661ac543b94

  • SHA256

    e1d05919dc9857ac80d2dfebcfdb8aded6d74d5fa29e786d076bf5403d6455f6

  • SHA512

    ff8644baf277a1aa9160e278077ac8f26b2365b225535bc839289a73be31996acf06d9c75882e6e3bcca4b0f83cad894023a2d78af986c9b86178b22fc3b6830

  • SSDEEP

    12288:R32kYn9YFZBsws0rwfQpP9p/yFUk6l6X3cWCauQWannR8fq:RGk69IS0rw4pP9p416QMaBnRCq

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7.3

  • Botnet

    OCT

  • C2

    film.royalprop.trade:8109

  • Mutex

    update.exe

Attributes
  • reg_key

    update.exe

  • splitter

    0987

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks