INVOICE PAID.vbs

General
Target: INVOICE PAID.vbs
Size: 7KB
Sample: 210922-vzwj2adcf7
Score: 10/10
MD5: faadd040a36132904b0b44ce8acb801a
SHA1: 34e16916fce2e1a3465a8b571ca0d970509317c3
SHA256: 14c3d06f79c7518433e2baef8a920a310393b394b219241ff8e88a7ed7c7a07a
SHA512: 93476f94af989f26204a3811c10a827f4d3e2a8ded6372b169a8849b2acaaa831b9245e6e67d715ac9d7ee23a3f9c743094a13cde6f185c5e75bd69ef8734bd4

Malware Config

Extracted
Language: ps1
Deobfuscated
URLs
exe.dropper
http://13.112.210.240/nnnnnnnnnnnnnnnnjbypass.txt

Extracted
Family: njrat
Version: 0.7d
Botnet: HacKed
C2: 103.156.92.140:5489
Attributes
reg_key: b9bcbd71b3095eaa1d613e7db66ba013
splitter: |'|'|
Targets
Target: INVOICE PAID.vbs

Signatures

  • njRAT/Bladabindi

    Description: Widely used RAT written in .NET.

  • Blocklisted process makes network request

  • Modifies Windows Firewall

    TTPs: Modify Existing Service

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks
static1
behavioral1: 10/10
behavioral2: 10/10