njrat | dc8bfeafe82d1216850834deb12cf331e7920dff641d652d3a0652c9d32cf09e | Triage

Sharing

General

Target

dc8bfeafe82d1216850834deb12cf331e7920dff641d652d3a0652c9d32cf09e
Size

275KB
Sample

220524-3z92esccf7
MD5

6ec21f506d9b403b147d9fe40ca7ebd3
SHA1

455db25e659fa157b0ce4cdcdc32c865b2f6b1e2
SHA256

dc8bfeafe82d1216850834deb12cf331e7920dff641d652d3a0652c9d32cf09e
SHA512

72d34c4b2517a6d709bb2c710bf54f9974b692c86fcf178749b2357dcc3b257bad86e3f1cec8ea1fed8871adac56ac48d8cecba3bfcef49a094fd40e29e10992

Score

10^/10

njrat lime trojan

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

Lime

C2

kornporp.duckdns.org:6699

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
luffy

Targets

- Target
  
  dc8bfeafe82d1216850834deb12cf331e7920dff641d652d3a0652c9d32cf09e
- Size
  
  275KB
- MD5
  
  6ec21f506d9b403b147d9fe40ca7ebd3
- SHA1
  
  455db25e659fa157b0ce4cdcdc32c865b2f6b1e2
- SHA256
  
  dc8bfeafe82d1216850834deb12cf331e7920dff641d652d3a0652c9d32cf09e
- SHA512
  
  72d34c4b2517a6d709bb2c710bf54f9974b692c86fcf178749b2357dcc3b257bad86e3f1cec8ea1fed8871adac56ac48d8cecba3bfcef49a094fd40e29e10992
Score

10^/10

njrat lime trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

njratlimetrojan

behavioral2

njratlimetrojan