Payment On Account.vbs

General
Target: Payment On Account.vbs
Size: 3KB
Sample: 210915-vkzm5seahj
Score: 10/10
MD5: 7ad432e7164dcff056883fe786d9fb7b
SHA1: 0985f8d96a8e972ad6a8fef0f8ca6774f13c1373
SHA256: 34f778359bb71ac8bcf04edb0d48e9f4209fea9fa79c273fc3669c5e94042a5b
SHA512: 7b7a977cd1bdfd9e302ea0989e53bc1de1efe267693d850193617a4744e0049d73ec0aaca7897465fb5e00d1f74588929fcb259adc3ac6f7edb330637f0b742c

Malware Config

Extracted

Language: ps1
Deobfuscated
URLs
exe.dropper: http://54.184.87.30/jbypass.txt

Extracted

Family: njrat
Version: 0.7d
Botnet: HacKed
C2: 103.147.184.73:8319

Attributes
reg_key: 98d5ec0a408febb60524eab801ba601c
splitter: |'|'|

Targets
Target: Payment On Account.vbs


Signatures

  • njRAT/Bladabindi

    Description: Widely used RAT written in .NET.

  • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

  • Blocklisted process makes network request

  • Modifies Windows Firewall

    TTPs: Modify Existing Service

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation

Tasks

static1