Overview

overview

10

Static

static

5

10fb9346fd...28.exe

windows7_x64

10

10fb9346fd...28.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    10fb9346fd965b69c8aa00c9350988d18364857f65ff7e123263a67667413228

  • Size

    1009KB

  • Sample

    210830-2nbxw8aet6

  • MD5

    d9f91cf3867b5e6f3317cca8f692bba2

  • SHA1

    4268621ec31573e752ee3d54e38ac4ce870adbff

  • SHA256

    10fb9346fd965b69c8aa00c9350988d18364857f65ff7e123263a67667413228

  • SHA512

    a3899187814da50dad5e4ed5f46d461887edb9e2d11c7b3938f2c80886a7f2aa2fb22db656e13cb12530d9d935a70cf2eac7d2f0bfe4d92ecd22200cffda1d30

Score
10/10
njratlimebot3trojan

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

Limebot3

C2

microsoftdnsbug.duckdns.org:6699

Mutex

Client.exe

Attributes
  • reg_key

    Client.exe

  • splitter

    luffy

Targets

    • Target

      10fb9346fd965b69c8aa00c9350988d18364857f65ff7e123263a67667413228

    • Size

      1009KB

    • MD5

      d9f91cf3867b5e6f3317cca8f692bba2

    • SHA1

      4268621ec31573e752ee3d54e38ac4ce870adbff

    • SHA256

      10fb9346fd965b69c8aa00c9350988d18364857f65ff7e123263a67667413228

    • SHA512

      a3899187814da50dad5e4ed5f46d461887edb9e2d11c7b3938f2c80886a7f2aa2fb22db656e13cb12530d9d935a70cf2eac7d2f0bfe4d92ecd22200cffda1d30

    Score
    10/10
    njratlimebot3trojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    • autoit_exe

      AutoIT scripts compiled to PE executables.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks