General
  Target: Receipt.vbs
  Size: 2KB
  Sample: 211018-ye8weafean
  MD5: 5148319e32fa247453f35aa2ea0af0a2
  SHA1: 69afc36ee0cf368fb248af04df99c8aa8faba731
  SHA256: 11850e5727c8a31ca7192fc9546050442376f7b77359f7d4e971f1f823105504
  SHA512: 313fe826b3e7497313dfd15684dd6c1e459368c294db5a9fc1b9a6b6e99af441a567cf6ba649b4a973bb67bfc6ee80dd7bc0c11d70fe58981c258b63ed63f760

Static task
  static1

Behavioral task
  behavioral1
    Sample: Receipt.vbs
    Resource: win7-en-20211014

Behavioral task
  behavioral2
    Sample: Receipt.vbs
    Resource: win10-en-20210920

Malware Config
  Extracted: njrat
  v4.0
  RackSPACE
  petrol-chem108.duckdns.org:40225
  Windows
  reg_key: Windows
  splitter: |-F-|

Targets
  Target: Receipt.vbs
  Size: 2KB
  MD5: 5148319e32fa247453f35aa2ea0af0a2
  SHA1: 69afc36ee0cf368fb248af04df99c8aa8faba731
  SHA256: 11850e5727c8a31ca7192fc9546050442376f7b77359f7d4e971f1f823105504
  SHA512: 313fe826b3e7497313dfd15684dd6c1e459368c294db5a9fc1b9a6b6e99af441a567cf6ba649b4a973bb67bfc6ee80dd7bc0c11d70fe58981c258b63ed63f760
  Score: 10/10

  Signatures
    suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
    Blocklisted process makes network request
    Adds Run key to start application
    Suspicious use of SetThreadContext