e147c36f7e37e928c129b2337c90bda770f4cd437899932c723fd9d5392859ed.vbs

General

Target: e147c36f7e37e928c129b2337c90bda770f4cd437899932c723fd9d5392859ed.vbs
Size: 828B
Sample: 210915-kd3fcaacc9
Score: 10/10
MD5: 9af0d5fbc14e3ac0ae409dfef6e04228
SHA1: 931b3139830e5485f198bb72ecba50475e4c8df2
SHA256: e147c36f7e37e928c129b2337c90bda770f4cd437899932c723fd9d5392859ed
SHA512: fdca50df12edb4d7784a3c769908a695221456e8729b7ec61ec86b8328a18040c5aca7f2d6879f336b6c1a44b1323a8f1f05ff6dd14a4cbd9f233fedcd019f0e

Malware Config

Extracted

Family: njrat
Version: 0.7NC
Botnet: NYAN CAT
C2: envirat.duckdns.org:3013

Attributes
reg_key: 6de17d5355fa43eca7e
splitter: @!#&^%$

Signatures

  • njRAT/Bladabindi

    Description: Widely used RAT written in .NET.

  • Blocklisted process makes network request

  • Drops startup file

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1: 8/10
behavioral2: 10/10