njrat | bd46f270801c9d49f3075005afeec82600948c8d9794e70baad67050f2ace555 | Triage

Submit
Reports

Overview

overview

Static

static

bd46f27080...55.exe

windows7_x64

bd46f27080...55.exe

windows10-2004_x64

Sharing

General

Target

bd46f270801c9d49f3075005afeec82600948c8d9794e70baad67050f2ace555
Size

373KB
Sample

220203-svnbrabbeq
MD5

742e33685f0b3257ac192e7b6695c8f5
SHA1

a3043a63883165298b6c62a44a9aeb6c3d27b762
SHA256

bd46f270801c9d49f3075005afeec82600948c8d9794e70baad67050f2ace555
SHA512

4410f522f0c626f409ab0a919562e3dd64f66ce0c3272c89a44cf4c99fe486ab2f5c2820eb8776d34d3e4ac985f5366a682980e0cdf6f9bff15c966b7c952c19

Score

10^/10

njrat lime link pdf persistence suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

bd46f270801c9d49f3075005afeec82600948c8d9794e70baad67050f2ace555.exe

Resource

win7-en-20211208

njrat lime link pdf suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bd46f270801c9d49f3075005afeec82600948c8d9794e70baad67050f2ace555.exe

Resource

win10v2004-en-20220112

njrat lime link pdf persistence trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

Lime

C2

soportesltda30.duckdns.org:4433

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
jairpicc

Targets

- Target
  
  bd46f270801c9d49f3075005afeec82600948c8d9794e70baad67050f2ace555
- Size
  
  373KB
- MD5
  
  742e33685f0b3257ac192e7b6695c8f5
- SHA1
  
  a3043a63883165298b6c62a44a9aeb6c3d27b762
- SHA256
  
  bd46f270801c9d49f3075005afeec82600948c8d9794e70baad67050f2ace555
- SHA512
  
  4410f522f0c626f409ab0a919562e3dd64f66ce0c3272c89a44cf4c99fe486ab2f5c2820eb8776d34d3e4ac985f5366a682980e0cdf6f9bff15c966b7c952c19
Score

10^/10

njrat lime link pdf suricata trojan persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratlimelinkpdfsuricatatrojan

behavioral2

njratlimelinkpdfpersistencetrojan

© 2018-2024

Terms | Privacy