General

  • Target: Zona de Pago.vbs
  • Size: 162KB
  • Sample: 210915-k5jgjsach6
  • MD5: df165c37e5339e9a1a720e593d8f2eb1
  • SHA1: 29f8959f9934a0a4f64bbdb3dbaa878334814fc4
  • SHA256: 282b7e31f3fff63d2f713d0841e75e52294bb6601454e78bfd9285839ec4a34a
  • SHA512: 277043fe7d52b876d3c8e04d0ae76f232a6e64774aeb89399c1e47952e82c65814e9004a0dcf1a824ca45ce52a05619b33fc7bcb9e33e740ecb83cc20b12b447

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated URLs (ps1.dropper):

    https://onedrive.live.com/download?cid=4DBCDBEA8A120146&resid=4DBCDBEA8A120146%21150&authkey=AKfJKvTWpXPaOuE

Extracted

  • Family: njrat
  • Version: 0.7NC
  • Botnet: NYAN CAT
  • C2: reald27.duckdns.org:3525
  • Mutex: f45dd4eb26
  • Attributes
      • reg_key: f45dd4eb26
      • splitter: @!#&^%$

Targets

    • Target: Zona de Pago.vbs
    • Size: 162KB

    Score: 10/10

    • njRAT/Bladabindi: widely used RAT written in .NET.
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Drops startup file
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks