General
-
Target
NEAS.6911dc74413199762f40fd98190e2d70.exe
-
Size
1.6MB
-
Sample
231111-bwx4xaec53
-
MD5
6911dc74413199762f40fd98190e2d70
-
SHA1
a09a9ba7fbda23202fb46562cbca1f7595705d60
-
SHA256
573d3a98a33d41ff765326ddbd1628156475fc9f33795d4c7033ecd9111d5876
-
SHA512
bab573f38fdced20cbd2dc9adfd6cebd2bbb8da86b7cd0386b74f339dd346c57d9809f5957786b79ed5b11e02b80b62e1e7fae7d5fd03993e663afc9b618f36c
-
SSDEEP
24576:uAHnh+eWsN3skA4RV1Hom2KXMmHay5uertmY3Z5hlks/6HnEp6:Zh+ZkldoPK8YayGYUDnf
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.6911dc74413199762f40fd98190e2d70.exe
Resource
win7-20231025-en
Malware Config
Extracted
njrat
0.7.3
Limebot3
microsoftdnsbug.duckdns.org:6699
Client.exe
-
reg_key
Client.exe
-
splitter
luffy
Targets
-
-
Target
NEAS.6911dc74413199762f40fd98190e2d70.exe
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-