njrat | 216f050c670bb89d1b99df94c447291a276814dead228aa29e953fae604690ad | Triage

Submit
Reports

Overview

overview

Static

static

3

216f050c67...dN.exe

windows7-x64

216f050c67...dN.exe

windows10-2004-x64

Sharing

General

Target

216f050c670bb89d1b99df94c447291a276814dead228aa29e953fae604690adN
Size

552KB
Sample

241002-k2cjtsxhnj
MD5

9d947cec83290e8ce25d04be7eec2620
SHA1

aa13586142e3e11920c0edf995f381f80172fc0a
SHA256

216f050c670bb89d1b99df94c447291a276814dead228aa29e953fae604690ad
SHA512

868b4cb72a6d32cf56cf76f83082430f8e132224a3996f22c3b5efb41c43738896e51edfb7209bc5550ef06fe02229448b7e474e3007fdfaa7892edeb86148bb
SSDEEP

12288:R32kYn9YFZBsws0rwfQpP9p/yFUk6l6X3cWCauQWannR8fx:RGk69IS0rw4pP9p416QMaBnRCx

Score

10^/10

njrat oct discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

216f050c670bb89d1b99df94c447291a276814dead228aa29e953fae604690adN.exe

Resource

win7-20240903-en

njrat oct discovery trojan

windows7-x64

9 signatures

120 seconds

Behavioral task

behavioral2

Sample

216f050c670bb89d1b99df94c447291a276814dead228aa29e953fae604690adN.exe

Resource

win10v2004-20240802-en

njrat oct discovery trojan

windows10-2004-x64

9 signatures

120 seconds

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

OCT

C2

film.royalprop.trade:8109

Mutex

update.exe

Attributes

reg_key
update.exe
splitter
0987

Targets

- Target
  
  216f050c670bb89d1b99df94c447291a276814dead228aa29e953fae604690adN
- Size
  
  552KB
- MD5
  
  9d947cec83290e8ce25d04be7eec2620
- SHA1
  
  aa13586142e3e11920c0edf995f381f80172fc0a
- SHA256
  
  216f050c670bb89d1b99df94c447291a276814dead228aa29e953fae604690ad
- SHA512
  
  868b4cb72a6d32cf56cf76f83082430f8e132224a3996f22c3b5efb41c43738896e51edfb7209bc5550ef06fe02229448b7e474e3007fdfaa7892edeb86148bb
- SSDEEP
  
  12288:R32kYn9YFZBsws0rwfQpP9p/yFUk6l6X3cWCauQWannR8fx:RGk69IS0rw4pP9p416QMaBnRCx
Score

10^/10

njrat oct discovery trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops startup file
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratoctdiscoverytrojan

behavioral2

njratoctdiscoverytrojan

© 2018-2025

Terms | Privacy