INTERAC PAYMENT.vbs

General
Target

INTERAC PAYMENT.vbs

Size

7KB

Sample

210920-w2ly2sehg9

Score
10 /10
MD5

f3bc5f7625cfb7d4f44f784561b05faf

SHA1

8831e8de10c1365cbc23bf50b96b6292fd09af29

SHA256

9b08fe9109b0e4b68f52624894d0ea9261f4a434f07d022f2d2b2d7c12877460

SHA512

cd5a57d361c02aeda535d19461798d9b5779f94e17aa12cc2ee9db4ba1605a8ce8fe04dcf4a1bee312261902a7c2bb579cc916f98576d679ded10a6c64807665

Malware Config

Extracted

Language ps1
Deobfuscated
URLs
exe.dropper

http://13.112.210.240/NJNJNJNJbypass.txt

Extracted

Family njrat
Version 0.7d
Botnet HacKed
C2

103.156.92.140:5489

Attributes
reg_key
b9bcbd71b3095eaa1d613e7db66ba013
splitter
|'|'|
Targets
Target

INTERAC PAYMENT.vbs

MD5

f3bc5f7625cfb7d4f44f784561b05faf

Filesize

7KB

Score
10 /10
SHA1

8831e8de10c1365cbc23bf50b96b6292fd09af29

SHA256

9b08fe9109b0e4b68f52624894d0ea9261f4a434f07d022f2d2b2d7c12877460

SHA512

cd5a57d361c02aeda535d19461798d9b5779f94e17aa12cc2ee9db4ba1605a8ce8fe04dcf4a1bee312261902a7c2bb579cc916f98576d679ded10a6c64807665

Tags

Signatures

  • njRAT/Bladabindi

    Description

    Widely used RAT written in .NET.

    Tags

  • Blocklisted process makes network request

  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Privilege Escalation
                      Tasks

                      static1

                      behavioral1

                      10/10

                      behavioral2

                      10/10