njrat | d1cad2d68060b31444cb6cd04ed6233eee8bfa6e694784ce5640b0b3928ab3c9 | Triage

Submit
Reports

Overview

overview

Static

static

3

d1cad2d680...9N.exe

windows7-x64

d1cad2d680...9N.exe

windows10-2004-x64

Sharing

General

Target

d1cad2d68060b31444cb6cd04ed6233eee8bfa6e694784ce5640b0b3928ab3c9N
Size

552KB
Sample

241022-dsdl7steld
MD5

2692d319a3b52e1da132786848c288e0
SHA1

e3554b5406393a977d39eb9ec666a28687eef4f7
SHA256

d1cad2d68060b31444cb6cd04ed6233eee8bfa6e694784ce5640b0b3928ab3c9
SHA512

09c5782c472333eea0f00d248769da838095155725de1c8d019b6c0791e5ee7dad15dc887ebbf70fd8f7927c7d6296eb2266a0a7aabdc78a8c10e1ee537ecc95
SSDEEP

12288:R32kYn9YFZBsws0rwfQpP9p/yFUk6l6X3cWCauQWannR8fy:RGk69IS0rw4pP9p416QMaBnRCy

Score

10^/10

njrat oct discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d1cad2d68060b31444cb6cd04ed6233eee8bfa6e694784ce5640b0b3928ab3c9N.exe

Resource

win7-20241010-en

njrat oct discovery trojan

windows7-x64

9 signatures

120 seconds

Behavioral task

behavioral2

Sample

d1cad2d68060b31444cb6cd04ed6233eee8bfa6e694784ce5640b0b3928ab3c9N.exe

Resource

win10v2004-20241007-en

njrat oct discovery trojan

windows10-2004-x64

8 signatures

120 seconds

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

OCT

C2

film.royalprop.trade:8109

Mutex

update.exe

Attributes

reg_key
update.exe
splitter
0987

Targets

- Target
  
  d1cad2d68060b31444cb6cd04ed6233eee8bfa6e694784ce5640b0b3928ab3c9N
- Size
  
  552KB
- MD5
  
  2692d319a3b52e1da132786848c288e0
- SHA1
  
  e3554b5406393a977d39eb9ec666a28687eef4f7
- SHA256
  
  d1cad2d68060b31444cb6cd04ed6233eee8bfa6e694784ce5640b0b3928ab3c9
- SHA512
  
  09c5782c472333eea0f00d248769da838095155725de1c8d019b6c0791e5ee7dad15dc887ebbf70fd8f7927c7d6296eb2266a0a7aabdc78a8c10e1ee537ecc95
- SSDEEP
  
  12288:R32kYn9YFZBsws0rwfQpP9p/yFUk6l6X3cWCauQWannR8fy:RGk69IS0rw4pP9p416QMaBnRCy
Score

10^/10

njrat oct discovery trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops startup file
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratoctdiscoverytrojan

behavioral2

njratoctdiscoverytrojan

© 2018-2025

Terms | Privacy