njrat | 313bb9d87b5bbdc4cc164ee429b41bcac1605401e1c3e7fa8d1fa287277e3cce | Triage

Sharing

General

Target

Shipment#45523666245.vbs
Size

15KB
Sample

211029-xbt3eaaefn
MD5

b671f9ee1edb1e6f2911c22c4e6ebbaf
SHA1

6de6dfee5b87a8f52ce34bc0c9d147bc69faa04e
SHA256

313bb9d87b5bbdc4cc164ee429b41bcac1605401e1c3e7fa8d1fa287277e3cce
SHA512

15f4ed29c203cf9a2da50b5df6d898e79feb08cf9ddc0ab7c315eeab9038745743e5352dc2db5197c3bf3817d26590bf4adc21a91a68fd2dcd633e3712fa4832

Score

10^/10

njrat ------(meilller)------trojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

------(MEILLLER)------

C2

new.libya2020.com.ly:2020

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  Shipment#45523666245.vbs
- Size
  
  15KB
- MD5
  
  b671f9ee1edb1e6f2911c22c4e6ebbaf
- SHA1
  
  6de6dfee5b87a8f52ce34bc0c9d147bc69faa04e
- SHA256
  
  313bb9d87b5bbdc4cc164ee429b41bcac1605401e1c3e7fa8d1fa287277e3cce
- SHA512
  
  15f4ed29c203cf9a2da50b5df6d898e79feb08cf9ddc0ab7c315eeab9038745743e5352dc2db5197c3bf3817d26590bf4adc21a91a68fd2dcd633e3712fa4832
Score

10^/10

njrat ------(meilller)------trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrat------(meilller)------trojan

behavioral2

njrat------(meilller)------trojan