njrat | f992aa328b81c89418d075b8a53e79b4eae71f9a97d50577c25a67c9c430031c | Triage

Submit
Reports

Overview

overview

Static

static

f992aa328b...1c.exe

windows7_x64

f992aa328b...1c.exe

windows10-2004_x64

Sharing

General

Target

f992aa328b81c89418d075b8a53e79b4eae71f9a97d50577c25a67c9c430031c
Size

374KB
Sample

220203-r5ab7safgp
MD5

1de15800d08f248b647077f0fe52f5c1
SHA1

40616e40110b24faf0ff3af1285e628f3f8e595d
SHA256

f992aa328b81c89418d075b8a53e79b4eae71f9a97d50577c25a67c9c430031c
SHA512

012995a859d376965363f49ef1cdaab5d88a9a57847786f2421183757942edf135f933f0a66ab0e2ce281c8287e3efa87c11f90118f0d745166614446132cc50

Score

10^/10

njrat lime link pdf persistence suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

f992aa328b81c89418d075b8a53e79b4eae71f9a97d50577c25a67c9c430031c.exe

Resource

win7-en-20211208

njrat lime link pdf suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f992aa328b81c89418d075b8a53e79b4eae71f9a97d50577c25a67c9c430031c.exe

Resource

win10v2004-en-20220113

njrat lime link pdf persistence trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

Lime

C2

soportesltda30.duckdns.org:4433

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
jairpicc

Targets

- Target
  
  f992aa328b81c89418d075b8a53e79b4eae71f9a97d50577c25a67c9c430031c
- Size
  
  374KB
- MD5
  
  1de15800d08f248b647077f0fe52f5c1
- SHA1
  
  40616e40110b24faf0ff3af1285e628f3f8e595d
- SHA256
  
  f992aa328b81c89418d075b8a53e79b4eae71f9a97d50577c25a67c9c430031c
- SHA512
  
  012995a859d376965363f49ef1cdaab5d88a9a57847786f2421183757942edf135f933f0a66ab0e2ce281c8287e3efa87c11f90118f0d745166614446132cc50
Score

10^/10

njrat lime link pdf suricata trojan persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratlimelinkpdfsuricatatrojan

behavioral2

njratlimelinkpdfpersistencetrojan

© 2018-2024

Terms | Privacy