njrat | b78e09a414b8cdd11d49f2790184346d0c0011d5a303d18b7d033d8b4fb092c8 | Triage

Submit
Reports

Overview

overview

Static

static

7

NEAS.85f5b...e0.exe

windows7-x64

NEAS.85f5b...e0.exe

windows10-2004-x64

Sharing

General

Target

NEAS.85f5baa526d15f4a1cfd53b24c5d65e0.exe
Size

488KB
Sample

231116-2e9pgsag98
MD5

85f5baa526d15f4a1cfd53b24c5d65e0
SHA1

c4b941910bfc024806d5bbe0bfef4d2358feeff6
SHA256

b78e09a414b8cdd11d49f2790184346d0c0011d5a303d18b7d033d8b4fb092c8
SHA512

b906468baa7562ca2986c9bdbd755f3539ac0422feac719c2e49bed3cf1ae330a026d896ca1a9e4e28f567a614bad8584e9e70da9c521517ff3bb98255f8e522
SSDEEP

12288:VcXUN973paI/F9jpUpBzTAJNUdglNURD1xo9xxb3qkqcE6fKQq:WEN973phvt8tmUdkw1xo9xtacE09q

Score

10^/10

njrat limebot3 trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

NEAS.85f5baa526d15f4a1cfd53b24c5d65e0.exe

Resource

win7-20231023-en

njrat limebot3 trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.85f5baa526d15f4a1cfd53b24c5d65e0.exe

Resource

win10v2004-20231023-en

njrat limebot3 trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

Limebot3

C2

microsoftdnsbug.duckdns.org:6699

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
luffy

Targets

- Target
  
  NEAS.85f5baa526d15f4a1cfd53b24c5d65e0.exe
- Size
  
  488KB
- MD5
  
  85f5baa526d15f4a1cfd53b24c5d65e0
- SHA1
  
  c4b941910bfc024806d5bbe0bfef4d2358feeff6
- SHA256
  
  b78e09a414b8cdd11d49f2790184346d0c0011d5a303d18b7d033d8b4fb092c8
- SHA512
  
  b906468baa7562ca2986c9bdbd755f3539ac0422feac719c2e49bed3cf1ae330a026d896ca1a9e4e28f567a614bad8584e9e70da9c521517ff3bb98255f8e522
- SSDEEP
  
  12288:VcXUN973paI/F9jpUpBzTAJNUdglNURD1xo9xxb3qkqcE6fKQq:WEN973phvt8tmUdkw1xo9xtacE09q
Score

10^/10

njrat limebot3 trojan upx
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratlimebot3trojanupx

behavioral2

njratlimebot3trojanupx

© 2018-2024

Terms | Privacy