njrat | 9caf7f30a4c05e494861099f3d883851850d3b0f66d08fd01f1b9abc049bcb07 | Triage

Submit
Reports

Overview

overview

Static

static

3

9caf7f30a4...07.exe

windows7-x64

9caf7f30a4...07.exe

windows10-2004-x64

Sharing

General

Target

9caf7f30a4c05e494861099f3d883851850d3b0f66d08fd01f1b9abc049bcb07
Size

552KB
Sample

241104-c2ltha1erg
MD5

78e3045f72689b705ce806b206363733
SHA1

3033541dfb593c52c9975ea919041e087610b468
SHA256

9caf7f30a4c05e494861099f3d883851850d3b0f66d08fd01f1b9abc049bcb07
SHA512

289193a3d43d1c09ba1fb809b279b7c4de7bfae2068bff187815cd72bc0b3c098cda4a302ab3e3738214f2b99a76244d586712a905fbb4424ea425b596a52921
SSDEEP

12288:R32kYn9YFZBsws0rwfQpP9p/yFUk6l6X3cWCauQWannR8fj:RGk69IS0rw4pP9p416QMaBnRCj

Score

10^/10

njrat oct discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9caf7f30a4c05e494861099f3d883851850d3b0f66d08fd01f1b9abc049bcb07.exe

Resource

win7-20240708-en

njrat oct discovery trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

9caf7f30a4c05e494861099f3d883851850d3b0f66d08fd01f1b9abc049bcb07.exe

Resource

win10v2004-20241007-en

njrat oct discovery trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

OCT

C2

film.royalprop.trade:8109

Mutex

update.exe

Attributes

reg_key
update.exe
splitter
0987

Targets

- Target
  
  9caf7f30a4c05e494861099f3d883851850d3b0f66d08fd01f1b9abc049bcb07
- Size
  
  552KB
- MD5
  
  78e3045f72689b705ce806b206363733
- SHA1
  
  3033541dfb593c52c9975ea919041e087610b468
- SHA256
  
  9caf7f30a4c05e494861099f3d883851850d3b0f66d08fd01f1b9abc049bcb07
- SHA512
  
  289193a3d43d1c09ba1fb809b279b7c4de7bfae2068bff187815cd72bc0b3c098cda4a302ab3e3738214f2b99a76244d586712a905fbb4424ea425b596a52921
- SSDEEP
  
  12288:R32kYn9YFZBsws0rwfQpP9p/yFUk6l6X3cWCauQWannR8fj:RGk69IS0rw4pP9p416QMaBnRCj
Score

10^/10

njrat oct discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops startup file
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratoctdiscoverytrojan

behavioral2

njratoctdiscoverytrojan

© 2018-2024

Terms | Privacy