Overview

overview

10

Static

static

Invoice_an...py.vbs

windows7_x64

10

Invoice_an...py.vbs

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice_and_payment_copy.vbs

  • Size

    5KB

  • Sample

    210911-bkqkpadhfj

  • MD5

    83b9414820f37287d526b16da3c6e6d9

  • SHA1

    9afab0d39520db7e8754ac5c9e27f7d73220d27c

  • SHA256

    d0b59cba5f88973dfeea8610926e26b61b4c25125bfd8168954e9dd87d6b132d

  • SHA512

    1879f8dc3087a0a5e3a4b7f21ef210fe8278117ef687fac45ccd0d71e63ef6b9a621a036b222fc5bf6ad007df76bc6d0ec3f8c3f6b7dcd20dcad6fc31b945fb1

Score
10/10
njratbosstrojan

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://54.184.87.30/Dbypass.txt

Extracted

Family

njrat

Version

v4.0

Botnet

Boss

C2

103.147.184.73:7103

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      Invoice_and_payment_copy.vbs

    • Size

      5KB

    • MD5

      83b9414820f37287d526b16da3c6e6d9

    • SHA1

      9afab0d39520db7e8754ac5c9e27f7d73220d27c

    • SHA256

      d0b59cba5f88973dfeea8610926e26b61b4c25125bfd8168954e9dd87d6b132d

    • SHA512

      1879f8dc3087a0a5e3a4b7f21ef210fe8278117ef687fac45ccd0d71e63ef6b9a621a036b222fc5bf6ad007df76bc6d0ec3f8c3f6b7dcd20dcad6fc31b945fb1

    Score
    10/10
    njratbosstrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks