njrat | 2900578658bbb8349305983ac9a5ca487a8f4f928d202a3dfc639b80c165727e | Triage

Sharing

General

Target

d0458d9fbe73ca1aa592edb5efc17c7f_JaffaCakes118
Size

145KB
Sample

241207-c6a8kaxmgm
MD5

d0458d9fbe73ca1aa592edb5efc17c7f
SHA1

9e141e603d8beb468d996b77a28410816b47baf8
SHA256

2900578658bbb8349305983ac9a5ca487a8f4f928d202a3dfc639b80c165727e
SHA512

a75e3959d699e98cccbced31fc039eec3499168495b697600375e392b95add27c65a0275e3925d140cf04c1b3cd167db85b996a358f6614a9e7b8c5d4f1242fc
SSDEEP

3072:R2+b4i7mTwrJKJsrqUDWu9CXtl/wLY9ePBmGniAOLZzhOUBL:R2Y4E8wr4ip9CXnh0cdnl1v

Score

10^/10

njrat lime discovery trojan

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

Lime

C2

127.0.0.1:1528

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
AZERTY

Targets

- Target
  
  d0458d9fbe73ca1aa592edb5efc17c7f_JaffaCakes118
- Size
  
  145KB
- MD5
  
  d0458d9fbe73ca1aa592edb5efc17c7f
- SHA1
  
  9e141e603d8beb468d996b77a28410816b47baf8
- SHA256
  
  2900578658bbb8349305983ac9a5ca487a8f4f928d202a3dfc639b80c165727e
- SHA512
  
  a75e3959d699e98cccbced31fc039eec3499168495b697600375e392b95add27c65a0275e3925d140cf04c1b3cd167db85b996a358f6614a9e7b8c5d4f1242fc
- SSDEEP
  
  3072:R2+b4i7mTwrJKJsrqUDWu9CXtl/wLY9ePBmGniAOLZzhOUBL:R2Y4E8wr4ip9CXnh0cdnl1v
Score

10^/10

njrat lime discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratlimediscoverytrojan

behavioral2

njratlimediscoverytrojan