General
Target: Apartment.vbs
Size: 2KB
Sample: 210908-f527fahaej
MD5: 9733443c62fad16ef1c7412f1189b0ea
SHA1: 7ffc31b99c0af85be17e8fe1a0d7ffdbfff3af43
SHA256: 5eb13a8dd4cc2a1b7a265ab3489b651ceb4679742822bdada781f672dcce9d6e
SHA512: 9088b1b27450532f0d509e7dcf14ed9cc22a23f1400c162046d332aad28c7ea0c9c4dff66609d8ec9c941eb3f183ab873b67aa099204ad70d9ac90c90f3e3001
Static task: static1
Behavioral task: behavioral1
Sample: Apartment.vbs
Resource: win7v20210408
Malware Config
Extracted
http://54.184.87.30/dddbypass.txt
Extracted
njrat
v4.0
Boss
103.147.184.73:7103
Windows
reg_key: Windows
splitter: |-F-|
Targets
Target: Apartment.vbs
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-