njrat | 096d974a744eff570c7e45a9da310768215f218295f18030de2a3459b55feb90 | Triage

Sharing

General

Target

NEAS.096d974a744eff570c7e45a9da310768215f218295f18030de2a3459b55feb90exe_JC.exe
Size

78KB
Sample

231025-rg54zahf44
MD5

ac63955ca4261eab11b0b3142360d160
SHA1

c768045e60083ecf3424d2fb1e4d9b039645140e
SHA256

096d974a744eff570c7e45a9da310768215f218295f18030de2a3459b55feb90
SHA512

4e2f08ceae6c619d9ad6effbf2806b594d2c50e139dde2bbbc155f2aa1ef83f2decdf6b9ddba04779494169e551148707d6ac452b0ea008fdfa4f80a1f085f10
SSDEEP

1536:/FU+P9NDXDpRS5wpOk3JCK6pFouX96fOpd/9nEh9TG5JdR:lHQwpOk5CK6gO/9ES5Jd

Score

10^/10

njrat lime trojan

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

Lime

C2

dominicananjv.duckdns.org:8520

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
8520

Targets

- Target
  
  NEAS.096d974a744eff570c7e45a9da310768215f218295f18030de2a3459b55feb90exe_JC.exe
- Size
  
  78KB
- MD5
  
  ac63955ca4261eab11b0b3142360d160
- SHA1
  
  c768045e60083ecf3424d2fb1e4d9b039645140e
- SHA256
  
  096d974a744eff570c7e45a9da310768215f218295f18030de2a3459b55feb90
- SHA512
  
  4e2f08ceae6c619d9ad6effbf2806b594d2c50e139dde2bbbc155f2aa1ef83f2decdf6b9ddba04779494169e551148707d6ac452b0ea008fdfa4f80a1f085f10
- SSDEEP
  
  1536:/FU+P9NDXDpRS5wpOk3JCK6pFouX96fOpd/9nEh9TG5JdR:lHQwpOk5CK6gO/9ES5Jd
Score

10^/10

njrat lime trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratlimetrojan

behavioral2

njratlimetrojan