General

  • Target

    CamScanner 025-07-2023 15.25.uu

  • Size

    2KB

  • Sample

    230706-gs581aaf21

  • MD5

    792ceb033fead6ccf4d1ce2a84d1c6f5

  • SHA1

    d12c2ba7f1986985a6edfb4aea8ca16177c6a361

  • SHA256

    8ced75585f5c98ffd2b4da5038b2e8f075388b5379f81cd4c8806e9564004989

  • SHA512

    3b4643ae44cd0d622da40013aee7663f4ca704c4e522b2c94e3f640a7b7c68dbd96e2fae22536c0a1d598dd6eb65a4397243448245ef1a58a64fd020d8f88120

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (ps1.dropper)

    https://pastebin.com/raw/dstpKjTz

Extracted

  • Family

    njrat

  • Version

    0.7.3

  • Botnet

    Lime

  • C2

    marianajoselime1101.duckdns.org:1101

  • Mutex

    Client.exe

  • Attributes

    reg_key: Client.exe

    splitter: 1234

Targets

    • Target

      CamScanner 025-07-2023 15.25.vbs

    • Size

      217KB

    • MD5

      b42a87075fca0cde6ca7bdaeb9060462

    • SHA1

      3c844a298bb1145b09345f53c9715ead2382a6d9

    • SHA256

      38c24884f4544a32244e520a0868f0a3339f674d25359b6f9a75db6616ee25c4

    • SHA512

      e5ff9878190be2bc37c6d1a966b5ff109b733bd6cbf8b7cbc4c2d2fc5c67ffdc82b92df03f92e5cea8b3716dc5a174836daec6f2cd433fc60af5a8b35d53f7cb

    • SSDEEP

      3072:i5d6525555555e555555555555p5555Gu0555tR:y

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

  • Command and Control

    Web Service (T1102): 1
