njrat | 49c58fe5c75847250c7e5667e743777d34655ed41297acf072f8f7eb9db314cf | Triage

Submit
Reports

Overview

overview

Static

static

5

49c58fe5c7...cf.exe

windows7_x64

49c58fe5c7...cf.exe

windows10_x64

Sharing

General

Target

49c58fe5c75847250c7e5667e743777d34655ed41297acf072f8f7eb9db314cf
Size

1009KB
Sample

210830-ptg26y77es
MD5

749ebef6c4ae90cf84e427ca29f2cc2d
SHA1

b51a6856f1539d5e1d38aba0212222ebc69e7922
SHA256

49c58fe5c75847250c7e5667e743777d34655ed41297acf072f8f7eb9db314cf
SHA512

62020030df7136c10495c79866d255e91033481c7be41173414e01f9bdcff4e139954c00a62db959ec123950afa8d8b18c324751500ed87f0236462985130115

Score

10^/10

njrat limebot3 trojan

Static task

static1

Behavioral task

behavioral1

Sample

49c58fe5c75847250c7e5667e743777d34655ed41297acf072f8f7eb9db314cf.exe

Resource

win7v20210408

njrat limebot3 trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

49c58fe5c75847250c7e5667e743777d34655ed41297acf072f8f7eb9db314cf.exe

Resource

win10v20210408

njrat limebot3 trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

Limebot3

C2

microsoftdnsbug.duckdns.org:6699

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
luffy

Targets

- Target
  
  49c58fe5c75847250c7e5667e743777d34655ed41297acf072f8f7eb9db314cf
- Size
  
  1009KB
- MD5
  
  749ebef6c4ae90cf84e427ca29f2cc2d
- SHA1
  
  b51a6856f1539d5e1d38aba0212222ebc69e7922
- SHA256
  
  49c58fe5c75847250c7e5667e743777d34655ed41297acf072f8f7eb9db314cf
- SHA512
  
  62020030df7136c10495c79866d255e91033481c7be41173414e01f9bdcff4e139954c00a62db959ec123950afa8d8b18c324751500ed87f0236462985130115
Score

10^/10

njrat limebot3 trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Suspicious use of SetThreadContext
- autoit_exe
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratlimebot3trojan

behavioral2

njratlimebot3trojan

© 2018-2024

Terms | Privacy