Overview

overview

10

Static

static

Request#474552121.vbs

windows7_x64

10

Request#474552121.vbs

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Request#474552121.vbs

  • Size

    701KB

  • Sample

    211010-mrn6zsfgfn

  • MD5

    ae62669c03c4705ceae9e46f33148e70

  • SHA1

    531ec05e0d7b97e79f8de0248fd0ee4705b10954

  • SHA256

    844777d11931b7ee8214c6c38a751a1c7bf850ea2bdd5a9341eb8e4133a42ba2

  • SHA512

    76b0f4e7da0a99bd7e2e7b9d1e2edc04c97e78d1d448e4c6996eb2fb6faf902ecad8930b9353e1eac56b3137a410b6a38158980c75b235a2a78f3159f0092fe2

Score
10/10
njrat@@@@dddex@@@@@@suricatatrojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

@@@@DDDEX@@@@@@

C2

new.libya2020.com.ly:2020

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      Request#474552121.vbs

    • Size

      701KB

    • MD5

      ae62669c03c4705ceae9e46f33148e70

    • SHA1

      531ec05e0d7b97e79f8de0248fd0ee4705b10954

    • SHA256

      844777d11931b7ee8214c6c38a751a1c7bf850ea2bdd5a9341eb8e4133a42ba2

    • SHA512

      76b0f4e7da0a99bd7e2e7b9d1e2edc04c97e78d1d448e4c6996eb2fb6faf902ecad8930b9353e1eac56b3137a410b6a38158980c75b235a2a78f3159f0092fe2

    Score
    10/10
    njrat@@@@dddex@@@@@@suricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks