njrat | 4efef6b7867e96d28b5f0e776f183fba83f3eb21f240186a569b21e110296617 | Triage

Submit
Reports

Overview

overview

Static

static

3

4efef6b786...7N.exe

windows7-x64

4efef6b786...7N.exe

windows10-2004-x64

Sharing

General

Target

4efef6b7867e96d28b5f0e776f183fba83f3eb21f240186a569b21e110296617N
Size

552KB
Sample

241018-n278aavgmc
MD5

391982de84741e4f4f663370774cda90
SHA1

97719efa9c451da3cfc7c5b4292f541589b92207
SHA256

4efef6b7867e96d28b5f0e776f183fba83f3eb21f240186a569b21e110296617
SHA512

b306eed58e4c0a02bec466029179e76629014d31f6de1fc809ef862609e719eae82a5e698fca43ba948a4df24bf779612c9294775c3941afcc711ff67a4ac2a7
SSDEEP

12288:R32kYn9YFZBsws0rwfQpP9p/yFUk6l6X3cWCauQWannR8fO:RGk69IS0rw4pP9p416QMaBnRCO

Score

10^/10

njrat oct discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4efef6b7867e96d28b5f0e776f183fba83f3eb21f240186a569b21e110296617N.exe

Resource

win7-20241010-en

njrat oct discovery trojan

windows7-x64

9 signatures

120 seconds

Behavioral task

behavioral2

Sample

4efef6b7867e96d28b5f0e776f183fba83f3eb21f240186a569b21e110296617N.exe

Resource

win10v2004-20241007-en

njrat oct discovery trojan

windows10-2004-x64

9 signatures

120 seconds

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

OCT

C2

film.royalprop.trade:8109

Mutex

update.exe

Attributes

reg_key
update.exe
splitter
0987

Targets

- Target
  
  4efef6b7867e96d28b5f0e776f183fba83f3eb21f240186a569b21e110296617N
- Size
  
  552KB
- MD5
  
  391982de84741e4f4f663370774cda90
- SHA1
  
  97719efa9c451da3cfc7c5b4292f541589b92207
- SHA256
  
  4efef6b7867e96d28b5f0e776f183fba83f3eb21f240186a569b21e110296617
- SHA512
  
  b306eed58e4c0a02bec466029179e76629014d31f6de1fc809ef862609e719eae82a5e698fca43ba948a4df24bf779612c9294775c3941afcc711ff67a4ac2a7
- SSDEEP
  
  12288:R32kYn9YFZBsws0rwfQpP9p/yFUk6l6X3cWCauQWannR8fO:RGk69IS0rw4pP9p416QMaBnRCO
Score

10^/10

njrat oct discovery trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops startup file
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratoctdiscoverytrojan

behavioral2

njratoctdiscoverytrojan

© 2018-2024

Terms | Privacy