982d8d494fe7ddecd60b8237affaf2da1399122099dae6b615bb9b6904ba0379.vbs

General
Target

982d8d494fe7ddecd60b8237affaf2da1399122099dae6b615bb9b6904ba0379.vbs

Size

3KB

Sample

210916-mrpgracgg8

Score
10/10
MD5

48f019f8bdb3fce7e44649974ab2330f

SHA1

25ce8749a17bf094e49673141032aa7b4e3893cb

SHA256

982d8d494fe7ddecd60b8237affaf2da1399122099dae6b615bb9b6904ba0379

SHA512

0387aee4aa180441e42fcbc35d46e16e889706a57be37e8b59f595efa8895b2b096e47738bcd626c0b4d8a9df942edf3162dbbd7f26315d5f5a47081c3c47480

Malware Config

Extracted

Language ps1
Deobfuscated
URLs
exe.dropper

http://54.184.87.30/Server.txt

Extracted

Family njrat
Version 0.7d
Botnet HacKed
C2 103.147.184.73:8319

Attributes
reg_key 98d5ec0a408febb60524eab801ba601c
splitter |'|'|
Targets

Signatures

  • njRAT/Bladabindi

    Description: Widely used RAT written in .NET.

  • Blocklisted process makes network request

  • Modifies Windows Firewall

    TTPs: Modify Existing Service

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation

Tasks

  • static1
  • behavioral1

10/10