General

  • Target

    456-Invoice.tar

  • Size

    168KB

  • Sample

    210831-29dr6cdmss

  • MD5

    40d40ff9bde90b3d2a1dc9c3baa28ef2

  • SHA1

    2b6d3a816d490b41565ee19445a4221c978130da

  • SHA256

    da09dcb834819e8acd123a7fb06e38c8dd584522753003cfa9d501df0a2b3a83

  • SHA512

    b17161b558af25bab462cc21d2cae427b6f406a825b762d5a1d8e6b960243b1f4327d2336bbae142c70c995e4f20bee29e1df3c7ede691780956ae64d5fb67bf

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

SUCCEED

C2

194.5.97.156:7654

Mutex

Client.exe

Attributes
  • reg_key

    Client.exe

  • splitter

    0149266241@@@

Targets

    • Target

      456-Invoice.js

    • Size

      166KB

    • MD5

      c000b245272ad81b74958689e4b3352e

    • SHA1

      ce74042c88b852c6a5b00186096f0ce42afc38b6

    • SHA256

      f19462db16c63e8c26095f8ee024340649e0b2cb26a9ba9d08691b6d01e4f2be

    • SHA512

      f9b3f811a4be2bee356d9265d15a20a00d41b4a5933d8ab5adcf683ce23cab0ac0b6a7cbdbc97abb509385082aa038d11f1b4f8e502f61e6a42535bbd4df155c

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Drops startup file

    • Adds Run key to start application
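
The report shows the chain as a JS file (456-Invoice.js, flagged Vjw0rm) that drops and runs an EXE carrying the njRAT config above. The block below turns the extracted indicators (C2 194.5.97.156:7654, Run-key value Client.exe, splitter 0149266241@@@) into a small hunt. It is an added example, not part of this report or of the sandbox's tooling. The Sysmon-style event lines and the C2 payload are constructed here; the field names follow Sysmon event 13 (registry value set) and event 3 (network connection). The "ll" registration framing the last function checks (decimal body length, NUL byte, then splitter-delimited fields) is taken from public analyses of njRAT 0.7 and is an assumption on this page, as are the placeholder field values in the sample beacon.

```python
"""Hunt with the indicators from the report's njRAT config.

Added example; not part of the report or of any sandbox's code. The log
lines and the TCP payload are constructed. The beacon framing
('<decimal length>' + NUL + 'll' + splitter + ...) is assumed from public
njRAT 0.7 analyses and is not stated by this report."""
import re

# Values copied from the "Malware Config" section of the report.
CONFIG = {
    "c2_host": "194.5.97.156",
    "c2_port": 7654,
    "reg_key": "Client.exe",      # name of the Run-key value used for persistence
    "mutex": "Client.exe",
    "splitter": "0149266241@@@",  # field delimiter in the C2 protocol
}

# Run-key locations to watch (HKU\<SID>\... and HKLM\...), matched against
# the TargetObject field of a Sysmon event 13.
RUN_KEY_PATTERNS = (
    r"HKU\\[^\\]+\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\(.+)$",
    r"HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\(.+)$",
)

# Constructed Sysmon-style events: a script host setting the Run key, the
# dropped EXE connecting to the C2, and two benign lines for contrast.
EVENT_LOG = [
    r'EventID=13 Image=C:\Windows\System32\wscript.exe TargetObject=HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\Client.exe Details="C:\Users\user\AppData\Roaming\Client.exe"',
    r'EventID=3 Image=C:\Users\user\AppData\Roaming\Client.exe DestinationIp=194.5.97.156 DestinationPort=7654',
    r'EventID=3 Image="C:\Program Files\Mozilla Firefox\firefox.exe" DestinationIp=142.250.74.78 DestinationPort=443',
    r'EventID=13 Image=C:\Windows\explorer.exe TargetObject=HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive Details="C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe"',
]


def parse_event(line):
    """Split a 'key=value key="quoted value"' line into a dict."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}


def run_key_hits(lines, reg_key=CONFIG["reg_key"]):
    """Return (writer image, value data) for Run-key values named like reg_key."""
    hits = []
    for ev in map(parse_event, lines):
        if ev.get("EventID") != "13":
            continue
        for pat in RUN_KEY_PATTERNS:
            m = re.match(pat, ev.get("TargetObject", ""), re.IGNORECASE)
            if m and m.group(1).lower() == reg_key.lower():
                hits.append((ev["Image"], ev.get("Details", "")))
    return hits


def c2_hits(lines, host=CONFIG["c2_host"], port=CONFIG["c2_port"]):
    """Return the images that opened a connection to the configured C2."""
    return [ev["Image"] for ev in map(parse_event, lines)
            if ev.get("EventID") == "3"
            and ev.get("DestinationIp") == host
            and ev.get("DestinationPort") == str(port)]


def parse_njrat_beacon(payload, splitter=CONFIG["splitter"]):
    """Parse an njRAT-style 'll' registration message, or return None.

    Assumed framing: decimal body length, a NUL byte, then the body whose
    first splitter-delimited field is the command ('ll' = new victim).
    The declared length must match the body; a mismatch, a different
    splitter or another command is rejected so other traffic is not flagged.
    """
    m = re.match(rb"^(\d+)\x00(.*)$", payload, re.S)
    if not m:
        return None
    declared, body = int(m.group(1)), m.group(2)
    sep = splitter.encode()
    if declared != len(body) or not body.startswith(b"ll" + sep):
        return None
    fields = body.split(sep)
    return {"command": fields[0].decode(), "fields": fields[1:]}


def build_beacon(fields, splitter=CONFIG["splitter"]):
    """Frame a field list the way parse_njrat_beacon expects (used for the sample)."""
    body = splitter.encode().join(fields)
    return str(len(body)).encode() + b"\x00" + body


# Constructed registration message; the field contents are placeholders.
SAMPLE_BEACON = build_beacon([
    b"ll", b"SGFjS2VkX0RFU0tUT1AtMQ==", b"DESKTOP-1", b"user",
    b"21-08-31", b"", b"Win 10 Pro SP0 x64", b"No", b"0.7.3",
])

if __name__ == "__main__":
    print("Run key:", run_key_hits(EVENT_LOG))
    print("C2 connections:", c2_hits(EVENT_LOG))
    print("Beacon:", parse_njrat_beacon(SAMPLE_BEACON))
```

The Run-key check matches on the value name rather than the path because njRAT's persistence value is named after the reg_key setting while the dropped file may land anywhere; the C2 check keys on host and port together, since the IP alone can be shared hosting. The beacon parser is intentionally strict about the length prefix and splitter so that it only fires on traffic framed the way this configuration would produce.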

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic, then technique (technique ID) and the number of matching signatures:

Execution
  • Scheduled Task (T1053): 1 match

Persistence
  • Registry Run Keys / Startup Folder (T1060): 1 match
  • Scheduled Task (T1053): 1 match

Privilege Escalation
  • Scheduled Task (T1053): 1 match

Defense Evasion
  • Modify Registry (T1112): 1 match

Discovery
  • System Information Discovery (T1082): 1 match

Tasks