Overview

overview

10

Static

static

RFQ-474552121.PDF.vbs

windows7_x64

10

RFQ-474552121.PDF.vbs

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQ-474552121.PDF.vbs

  • Size

    1.5MB

  • Sample

    211016-rnz7ascaf6

  • MD5

    984ff6ee5d1b7a975d9f95937101dfbc

  • SHA1

    a7180061ccbf2add84fe873f15d09f9511740338

  • SHA256

    8b83cbd6a35bbf62bc865b1037db4f3a3b6a35d5be7f99f1db620cc8b7ca1437

  • SHA512

    86284f7799ea65cb4e306d2f2ca8934f2149d7a234b9f994027f1c4307660f190f8d559a6a180ffdcd98202f2b68af0df104646c699a1d2d5a8c9018a6a534c2

Score
10/10
njrat+++++55555++++trojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

+++++55555++++

C2

new.libya2020.com.ly:2020

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      RFQ-474552121.PDF.vbs

    • Size

      1.5MB

    • MD5

      984ff6ee5d1b7a975d9f95937101dfbc

    • SHA1

      a7180061ccbf2add84fe873f15d09f9511740338

    • SHA256

      8b83cbd6a35bbf62bc865b1037db4f3a3b6a35d5be7f99f1db620cc8b7ca1437

    • SHA512

      86284f7799ea65cb4e306d2f2ca8934f2149d7a234b9f994027f1c4307660f190f8d559a6a180ffdcd98202f2b68af0df104646c699a1d2d5a8c9018a6a534c2

    Score
    10/10
    njrat+++++55555++++trojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks