Overview

overview

10

Static

static

5

e106d5d39b...7f.exe

windows7_x64

10

e106d5d39b...7f.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e106d5d39b68d3ba8ad31ab3db498465216058e844ef26fb06e27dca54b1da7f

  • Size

    1009KB

  • Sample

    210830-jtcd74fab6

  • MD5

    a6ffc29755b37ddc114f5d8866121479

  • SHA1

    1b7e52f1bc0cf2305da5a08b5505db455a5bafd1

  • SHA256

    e106d5d39b68d3ba8ad31ab3db498465216058e844ef26fb06e27dca54b1da7f

  • SHA512

    ab2a939e7483ba343ee28037a9338ae64380520a58af13a388aa82d7b7996aa70a2a32dbdba109636128cae7e2ea4b3d74f4f09f672aad80d4ddb683c5744fdd

Score
10/10
njratlimebot3trojan

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

Limebot3

C2

microsoftdnsbug.duckdns.org:6699

Mutex

Client.exe

Attributes
  • reg_key

    Client.exe

  • splitter

    luffy

Targets

    • Target

      e106d5d39b68d3ba8ad31ab3db498465216058e844ef26fb06e27dca54b1da7f

    • Size

      1009KB

    • MD5

      a6ffc29755b37ddc114f5d8866121479

    • SHA1

      1b7e52f1bc0cf2305da5a08b5505db455a5bafd1

    • SHA256

      e106d5d39b68d3ba8ad31ab3db498465216058e844ef26fb06e27dca54b1da7f

    • SHA512

      ab2a939e7483ba343ee28037a9338ae64380520a58af13a388aa82d7b7996aa70a2a32dbdba109636128cae7e2ea4b3d74f4f09f672aad80d4ddb683c5744fdd

    Score
    10/10
    njratlimebot3trojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    • autoit_exe

      AutoIT scripts compiled to PE executables.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks