njrat | 4e8e6f8e7ce880e9e370a5ea1c2b12c0d7caf500c16baa55fedd02dec88e0b36 | Triage

Sharing

General

Target

NEAS.dd800b9e92aef63fa936dc5606ccf4e0_JC.exe
Size

78KB
Sample

231026-zgfhbafh3y
MD5

dd800b9e92aef63fa936dc5606ccf4e0
SHA1

2b2c7e8bef650e2c7e8a48a24a991380eb346d7a
SHA256

4e8e6f8e7ce880e9e370a5ea1c2b12c0d7caf500c16baa55fedd02dec88e0b36
SHA512

6458a52616f9688cbd9af25eedea17d19168cdbdd24b246712158d26190fc40c8b20100776242bce1c7610ec808382b4ed8a0edda1f6add8306cb4cdb4a4b081
SSDEEP

1536:YRBx+NNV35DpOS5wpOk3JCK6pFo3D/6fOpd/9nEh9TGsJ6R:qwWQwpOk5CK6fO/9ESsJ6

Score

10^/10

njrat limebot3 microsoft phishing

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

Limebot3

C2

microsoftdnsbug.duckdns.org:6699

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
luffy

Targets

- Target
  
  NEAS.dd800b9e92aef63fa936dc5606ccf4e0_JC.exe
- Size
  
  78KB
- MD5
  
  dd800b9e92aef63fa936dc5606ccf4e0
- SHA1
  
  2b2c7e8bef650e2c7e8a48a24a991380eb346d7a
- SHA256
  
  4e8e6f8e7ce880e9e370a5ea1c2b12c0d7caf500c16baa55fedd02dec88e0b36
- SHA512
  
  6458a52616f9688cbd9af25eedea17d19168cdbdd24b246712158d26190fc40c8b20100776242bce1c7610ec808382b4ed8a0edda1f6add8306cb4cdb4a4b081
- SSDEEP
  
  1536:YRBx+NNV35DpOS5wpOk3JCK6pFo3D/6fOpd/9nEh9TGsJ6R:qwWQwpOk5CK6fO/9ESsJ6
Score

5^/10

microsoft phishing
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

microsoftphishing