Overview

overview

10

Static

static

8797AB41F8...1F.exe

windows7_x64

10

8797AB41F8...1F.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8797AB41F89827F3231B25B4240FD7AAE72EE46415E1F.exe

  • Size

    373KB

  • Sample

    210930-aebnxafhh8

  • MD5

    9eb869a782ce77b409f6126372c9d231

  • SHA1

    b2aece502fa66059dcc61e33bd2e4822e01182df

  • SHA256

    8797ab41f89827f3231b25b4240fd7aae72ee46415e1f28a3b81148debc00408

  • SHA512

    fb2ef14ca11855fdc4ae37233cf52c99b619f9739bfafd1ce2ccfdcdd1df6a679c779312a01fde2115b86c4f08f8f9e832bdab119c570bf28a6cfc65f5c001d6

Score
10/10
njratlimelinkpdftrojan

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

Lime

C2

soportesltda30.duckdns.org:4433

Mutex

Client.exe

Attributes
  • reg_key

    Client.exe

  • splitter

    jairpicc

Targets

    • Target

      8797AB41F89827F3231B25B4240FD7AAE72EE46415E1F.exe

    • Size

      373KB

    • MD5

      9eb869a782ce77b409f6126372c9d231

    • SHA1

      b2aece502fa66059dcc61e33bd2e4822e01182df

    • SHA256

      8797ab41f89827f3231b25b4240fd7aae72ee46415e1f28a3b81148debc00408

    • SHA512

      fb2ef14ca11855fdc4ae37233cf52c99b619f9739bfafd1ce2ccfdcdd1df6a679c779312a01fde2115b86c4f08f8f9e832bdab119c570bf28a6cfc65f5c001d6

    Score
    10/10
    njratlimelinkpdftrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks