General
Target: Invoice#4110.vbs
Size: 748B
Sample: 210824-42jev6jp66
MD5: f88564ad95f97097002bfa11a67d288f
SHA1: 49d1056e48981200f7674432c0562163a8d65db5
SHA256: 410bfd3ac457f14f653b82ad2090dbdd24c5d689d4bb766f6c18e1c1ee8c171a
SHA512: c7448569083d36592caec1360d59ebb5092970cd8d40268e280110fdcbaa7ddff324b71c055febf1e4dee0bd9315ee56c90cfff6b8fa46f72aec84e620099bc6
Static task
static1
Behavioral task
behavioral1
Sample: Invoice#4110.vbs
Resource: win7v20210410
Malware Config
Extracted
https://transfer.sh/Bnlx/passsssssssssssssss_bypass.txt
Extracted
njrat
v4.0
Boss
103.147.184.73:7103
Windows
reg_key: Windows
splitter: |-F-|
Targets
Target: Invoice#4110.vbs
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
NirSoft WebBrowserPassView: Password recovery tool for various web browsers
Nirsoft
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext