njrat | d0b59cba5f88973dfeea8610926e26b61b4c25125bfd8168954e9dd87d6b132d | Triage

Sharing

General

Target

Invoice_and_payment_copy.vbs
Size

5KB
Sample

210911-dv548sagg8
MD5

83b9414820f37287d526b16da3c6e6d9
SHA1

9afab0d39520db7e8754ac5c9e27f7d73220d27c
SHA256

d0b59cba5f88973dfeea8610926e26b61b4c25125bfd8168954e9dd87d6b132d
SHA512

1879f8dc3087a0a5e3a4b7f21ef210fe8278117ef687fac45ccd0d71e63ef6b9a621a036b222fc5bf6ad007df76bc6d0ec3f8c3f6b7dcd20dcad6fc31b945fb1

Score

10^/10

njrat boss trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://54.184.87.30/Dbypass.txt

Extracted

Family

njrat

Version

v4.0

Botnet

Boss

C2

103.147.184.73:7103

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  Invoice_and_payment_copy.vbs
- Size
  
  5KB
- MD5
  
  83b9414820f37287d526b16da3c6e6d9
- SHA1
  
  9afab0d39520db7e8754ac5c9e27f7d73220d27c
- SHA256
  
  d0b59cba5f88973dfeea8610926e26b61b4c25125bfd8168954e9dd87d6b132d
- SHA512
  
  1879f8dc3087a0a5e3a4b7f21ef210fe8278117ef687fac45ccd0d71e63ef6b9a621a036b222fc5bf6ad007df76bc6d0ec3f8c3f6b7dcd20dcad6fc31b945fb1
Score

10^/10

njrat boss trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratbosstrojan