njrat | ab5d169e4e341c46b6555d63f3ed530b9d63bf072d44581b56c37bf896b3ddbd | Triage

Submit
Reports

Overview

overview

Static

static

3

ab5d169e4e...dN.exe

windows7-x64

ab5d169e4e...dN.exe

windows10-2004-x64

Sharing

General

Target

ab5d169e4e341c46b6555d63f3ed530b9d63bf072d44581b56c37bf896b3ddbdN
Size

552KB
Sample

241105-z1xwpszalk
MD5

0c7d40b626d372d4a11cd4f8a4cb1d60
SHA1

338968dd963bdff857e6a0b49b0a928ee524c881
SHA256

ab5d169e4e341c46b6555d63f3ed530b9d63bf072d44581b56c37bf896b3ddbd
SHA512

f39cae0c20cec5b5c9ef87f59d62eb9a272f25a5cdcf444813c864d9b6fe95fb35cc2219637653ff5a656d54b27a68966f33496555a3fda6f387fc6a6942b5bc
SSDEEP

12288:R32kYn9YFZBsws0rwfQpP9p/yFUk6l6X3cWCauQWannR8fC:RGk69IS0rw4pP9p416QMaBnRCC

Score

10^/10

njrat oct discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ab5d169e4e341c46b6555d63f3ed530b9d63bf072d44581b56c37bf896b3ddbdN.exe

Resource

win7-20240903-en

njrat oct discovery trojan

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

ab5d169e4e341c46b6555d63f3ed530b9d63bf072d44581b56c37bf896b3ddbdN.exe

Resource

win10v2004-20241007-en

njrat oct discovery trojan

windows10-2004-x64

10 signatures

120 seconds

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

OCT

C2

film.royalprop.trade:8109

Mutex

update.exe

Attributes

reg_key
update.exe
splitter
0987

Targets

- Target
  
  ab5d169e4e341c46b6555d63f3ed530b9d63bf072d44581b56c37bf896b3ddbdN
- Size
  
  552KB
- MD5
  
  0c7d40b626d372d4a11cd4f8a4cb1d60
- SHA1
  
  338968dd963bdff857e6a0b49b0a928ee524c881
- SHA256
  
  ab5d169e4e341c46b6555d63f3ed530b9d63bf072d44581b56c37bf896b3ddbd
- SHA512
  
  f39cae0c20cec5b5c9ef87f59d62eb9a272f25a5cdcf444813c864d9b6fe95fb35cc2219637653ff5a656d54b27a68966f33496555a3fda6f387fc6a6942b5bc
- SSDEEP
  
  12288:R32kYn9YFZBsws0rwfQpP9p/yFUk6l6X3cWCauQWannR8fC:RGk69IS0rw4pP9p416QMaBnRCC
Score

10^/10

njrat oct discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops startup file
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratoctdiscoverytrojan

behavioral2

njratoctdiscoverytrojan

© 2018-2024

Terms | Privacy