General
Target: Invoice #019972.vbs
Size: 2KB
Sample: 211018-ytvbkafecj
MD5: ee3daa79d7ac4570d146aceb38253293
SHA1: 40b16db43a5c60e9f6a0ec49ab984698a3d1129b
SHA256: 1e00836862dc8fc7fd742e9df49a8b0d141b391139bfb1c5a23f20413eb6d639
SHA512: 6342d990ce3ea3ab94e2086cfda644d29bd5ea852da17f81b28b6d6a915ab0c31e9ea3580d302a43f277fdea68f1a8afe4be1c4343b89831b29f46b0bf1b70aa
Static task: static1
Behavioral task: behavioral1
Sample: Invoice #019972.vbs
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: Invoice #019972.vbs
Resource: win10-en-20210920
Malware Config
Extracted
njrat
v2.0
CHEM
petrol-chem108.duckdns.org:40225
Windows
reg_key: Windows
splitter: |-F-|
Targets
Target: Invoice #019972.vbs
Score: 10/10
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Blocklisted process makes network request
Adds Run key to start application
Suspicious use of SetThreadContext