General
-
Target
Request#474552121.vbs
-
Size
701KB
-
Sample
211010-mrn6zsfgfn
-
MD5
ae62669c03c4705ceae9e46f33148e70
-
SHA1
531ec05e0d7b97e79f8de0248fd0ee4705b10954
-
SHA256
844777d11931b7ee8214c6c38a751a1c7bf850ea2bdd5a9341eb8e4133a42ba2
-
SHA512
76b0f4e7da0a99bd7e2e7b9d1e2edc04c97e78d1d448e4c6996eb2fb6faf902ecad8930b9353e1eac56b3137a410b6a38158980c75b235a2a78f3159f0092fe2
Static task
static1
Behavioral task
behavioral1
Sample
Request#474552121.vbs
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
Request#474552121.vbs
Resource
win10-en-20210920
Malware Config
Extracted
njrat
v2.0
@@@@DDDEX@@@@@@
new.libya2020.com.ly:2020
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
Target
Request#474552121.vbs
Score
10/10
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-