njrat | 0e4cd222f12628abfc6f72cbb424a88bdf08c744fb8c61f26426f5f7268314df | Triage

Sharing

General

Target

ac63955ca4261eab11b0b3142360d160.bin
Size

35KB
Sample

231026-cj55esbb52
MD5

297ccfb3450f90d3bfff1ea19f56b4b8
SHA1

f79b8723ed3f33c8fe73247446f9a0ed00856ab8
SHA256

0e4cd222f12628abfc6f72cbb424a88bdf08c744fb8c61f26426f5f7268314df
SHA512

19bb0004966c13c0da3990f0094e46f110d111e503eeee49dc4801ae854cdbd9f87e776dd69e40d0f841735abaa18f53b8b45a79259affd52e65d4231d75453b
SSDEEP

768:xBw96rQtnJ5pfbnBPURI7MPu/qxKWbznGo1BDymzzcSXf:xC96rmJ5JR0I7MPu/qV1Qmnx

Score

10^/10

njrat lime trojan

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

Lime

C2

dominicananjv.duckdns.org:8520

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
8520

Targets

- Target
  
  096d974a744eff570c7e45a9da310768215f218295f18030de2a3459b55feb90.exe
- Size
  
  78KB
- MD5
  
  ac63955ca4261eab11b0b3142360d160
- SHA1
  
  c768045e60083ecf3424d2fb1e4d9b039645140e
- SHA256
  
  096d974a744eff570c7e45a9da310768215f218295f18030de2a3459b55feb90
- SHA512
  
  4e2f08ceae6c619d9ad6effbf2806b594d2c50e139dde2bbbc155f2aa1ef83f2decdf6b9ddba04779494169e551148707d6ac452b0ea008fdfa4f80a1f085f10
- SSDEEP
  
  1536:/FU+P9NDXDpRS5wpOk3JCK6pFouX96fOpd/9nEh9TG5JdR:lHQwpOk5CK6gO/9ES5Jd
Score

10^/10

njrat lime trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratlimetrojan

behavioral2

njratlimetrojan