General

  • Target

    Invoice#4110.vbs

  • Size

    748B

  • Sample

    210824-42jev6jp66

  • MD5

    f88564ad95f97097002bfa11a67d288f

  • SHA1

    49d1056e48981200f7674432c0562163a8d65db5

  • SHA256

    410bfd3ac457f14f653b82ad2090dbdd24c5d689d4bb766f6c18e1c1ee8c171a

  • SHA512

    c7448569083d36592caec1360d59ebb5092970cd8d40268e280110fdcbaa7ddff324b71c055febf1e4dee0bd9315ee56c90cfff6b8fa46f72aec84e620099bc6

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: https://transfer.sh/Bnlx/passsssssssssssssss_bypass.txt

Extracted

  • Family

    njrat

  • Version

    v4.0

  • Botnet

    Boss

  • C2

    103.147.184.73:7103

  • Mutex

    Windows

  • Attributes

    • reg_key

      Windows

    • splitter

      |-F-|

Targets

    • Target

      Invoice#4110.vbs

    • Size

      748B

    • MD5

      f88564ad95f97097002bfa11a67d288f

    • SHA1

      49d1056e48981200f7674432c0562163a8d65db5

    • SHA256

      410bfd3ac457f14f653b82ad2090dbdd24c5d689d4bb766f6c18e1c1ee8c171a

    • SHA512

      c7448569083d36592caec1360d59ebb5092970cd8d40268e280110fdcbaa7ddff324b71c055febf1e4dee0bd9315ee56c90cfff6b8fa46f72aec84e620099bc6

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Credential Access

    Credentials in Files (1) T1081

  • Discovery

    System Information Discovery (1) T1082

  • Collection

    Data from Local System (1) T1005

Tasks