Overview

overview

10

Static

static

Receipt.vbs

windows7_x64

10

Receipt.vbs

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Receipt.vbs

  • Size

    3KB

  • Sample

    210831-tjlztc1l6n

  • MD5

    7847bcdabe1d416d86d06d3c81a11052

  • SHA1

    abaff8024bd174d05edba2c32eb2aa5c0c7071c9

  • SHA256

    6e20ded2b6c78190b5c281cd6d5092cc7336aeab810b98155e118db7801744f1

  • SHA512

    ec48efbf28797aed093951c1d4d885aec8ca186e585922fade445b15b4691c7eb8026338d2f873b33e671652a2301261eb6af3aa55d8b8354a089a00a664676a

Score
10/10
njratbosstrojan

Malware Config

Extracted

Family

njrat

Version

v4.0

Botnet

Boss

C2

103.147.184.73:7103

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      Receipt.vbs

    • Size

      3KB

    • MD5

      7847bcdabe1d416d86d06d3c81a11052

    • SHA1

      abaff8024bd174d05edba2c32eb2aa5c0c7071c9

    • SHA256

      6e20ded2b6c78190b5c281cd6d5092cc7336aeab810b98155e118db7801744f1

    • SHA512

      ec48efbf28797aed093951c1d4d885aec8ca186e585922fade445b15b4691c7eb8026338d2f873b33e671652a2301261eb6af3aa55d8b8354a089a00a664676a

    Score
    10/10
    njratbosstrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks