Overview

overview

10

Static

static

AWB#630532456685.vbs

windows7_x64

10

AWB#630532456685.vbs

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AWB#630532456685.vbs

  • Size

    703KB

  • Sample

    211101-lh8nlahdd7

  • MD5

    ee5187d49e6691c383c02f1d3a92f60c

  • SHA1

    8b35c07251b1b6bd9b5f0769a209db31cea406fc

  • SHA256

    cba3e50fbc511a95a710d40aa37f9a3b905f7a1cd6b3d46bdcde8e6bfa083ca6

  • SHA512

    c2279d022bb55dbe0fdc5d8a88999017abd91528999a89a86a47452954d9afe6115b34feaf093aa01a40641b83d1af92ea0a5b0925b5abc5d886d6d0467faf64

Score
10/10
njrat------(meilller)------trojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

------(MEILLLER)------

C2

new.libya2020.com.ly:2020

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      AWB#630532456685.vbs

    • Size

      703KB

    • MD5

      ee5187d49e6691c383c02f1d3a92f60c

    • SHA1

      8b35c07251b1b6bd9b5f0769a209db31cea406fc

    • SHA256

      cba3e50fbc511a95a710d40aa37f9a3b905f7a1cd6b3d46bdcde8e6bfa083ca6

    • SHA512

      c2279d022bb55dbe0fdc5d8a88999017abd91528999a89a86a47452954d9afe6115b34feaf093aa01a40641b83d1af92ea0a5b0925b5abc5d886d6d0467faf64

    Score
    10/10
    njrat------(meilller)------trojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks