General
-
Target
Payment On Account.vbs
-
Size
3KB
-
Sample
210915-tqsw4seadn
-
MD5
7ad432e7164dcff056883fe786d9fb7b
-
SHA1
0985f8d96a8e972ad6a8fef0f8ca6774f13c1373
-
SHA256
34f778359bb71ac8bcf04edb0d48e9f4209fea9fa79c273fc3669c5e94042a5b
-
SHA512
7b7a977cd1bdfd9e302ea0989e53bc1de1efe267693d850193617a4744e0049d73ec0aaca7897465fb5e00d1f74588929fcb259adc3ac6f7edb330637f0b742c
Static task
static1
Behavioral task
behavioral1
Sample
Payment On Account.vbs
Resource
win7v20210408
Malware Config
Extracted
http://54.184.87.30/jbypass.txt
Extracted
njrat
0.7d
HacKed
103.147.184.73:8319
98d5ec0a408febb60524eab801ba601c
-
reg_key
98d5ec0a408febb60524eab801ba601c
-
splitter
|'|'|
Targets
-
-
Target
Payment On Account.vbs
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Blocklisted process makes network request
-
Modifies Windows Firewall
-
Suspicious use of SetThreadContext
-