Overview

overview

10

Static

static

Receipt_12203.vbs

windows7_x64

10

Receipt_12203.vbs

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Receipt_12203.vbs

  • Size

    1KB

  • Sample

    210907-rwbtnsgaaq

  • MD5

    aa2957c1912b583d18c3fad0a1dbe455

  • SHA1

    4b2ae1f0381d72b3833ab341cc3862b540359c64

  • SHA256

    2f70c208c08b5607dda4932a3d29625a52d84aa66c916ce8a867a0c2c57ffc5b

  • SHA512

    668b3c2be0f926e314bd5b810f79d0b7eac4fcd760108629cfff334c5f5dc0d66ea95f5d04fd47d09b4d910d1dfda1b1a405c008b3be24f420a4155371113a7a

Score
10/10
njratdav008persistencesuricatatrojan

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://transfer.sh/get/dIj4XJ/bypass.txt

Extracted

Family

njrat

Version

v4.0

Botnet

DAV008

C2

51.103.75.40:53011

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      Receipt_12203.vbs

    • Size

      1KB

    • MD5

      aa2957c1912b583d18c3fad0a1dbe455

    • SHA1

      4b2ae1f0381d72b3833ab341cc3862b540359c64

    • SHA256

      2f70c208c08b5607dda4932a3d29625a52d84aa66c916ce8a867a0c2c57ffc5b

    • SHA512

      668b3c2be0f926e314bd5b810f79d0b7eac4fcd760108629cfff334c5f5dc0d66ea95f5d04fd47d09b4d910d1dfda1b1a405c008b3be24f420a4155371113a7a

    Score
    10/10
    njratdav008persistencesuricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Blocklisted process makes network request

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks