424b1800061eb3534756eada61219882687a8f99d206d300ba7e4696066aaac8

General
Target

424b1800061eb3534756eada61219882687a8f99d206d300ba7e4696066aaac8

Size

1009KB

Sample

210922-rwlnwadac7

Score

10/10

MD5

dd50c188aabc9e550fc221de015ddb55

SHA1

068aa881159f72c4454f44f32fb754fc5b88f688

SHA256

424b1800061eb3534756eada61219882687a8f99d206d300ba7e4696066aaac8

SHA512

b63b109c27987c3b873c378707eb983c60b782e7e9a2ec0dafac7130ef17da0c034698aaa025cd6103cc5ba6e6fb4e13240a20c773fb2e7a981eef276e406b36

Malware Config

Extracted

Family njrat
Version 0.7.3
Botnet Limebot3
C2 microsoftdnsbug.duckdns.org:6699

Attributes
reg_key Client.exe
splitter luffy

Signatures

  • njRAT/Bladabindi

    Description

    Widely used RAT written in .NET.

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  • autoit_exe

    Description

    AutoIT scripts compiled to PE executables.

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

5/10

behavioral1

10/10

behavioral2

10/10