Overview

overview

10

Static

static

7H2B1N27_P...PT.vbs

windows7_x64

10

7H2B1N27_P...PT.vbs

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7H2B1N27_PAYMENT_RECEIPT.vbs

  • Size

    2KB

  • Sample

    220105-j9ll2aaba5

  • MD5

    1cf9e3a75322042644a95e4d9eb359bc

  • SHA1

    27469cadb09a071e5ee98e6a6492bf1ee16bd170

  • SHA256

    7ad872e2d279268cc3107a90337b4beb3be0fc888668d60e6995d64b8955b2e6

  • SHA512

    a97d371a84e9ec64821022d64439ac6b04befe0fc2b4231b721450cbc12d70cc3232a53df936a4158e8c5e380c66ef6d1dff66aff4c0b5909652b3dc4f7a41ad

Score
10/10
neshtanjrathackedevasionpersistencespywaretrojan

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://transfer.sh/get/BKC469/HHHHHHHHHHHHHHHH.txt

Extracted

Family

njrat

Version

1.9

Botnet

HacKed

Mutex

Microsoft.Exe

Attributes
  • reg_key

    Microsoft.Exe

Targets

    • Target

      7H2B1N27_PAYMENT_RECEIPT.vbs

    • Size

      2KB

    • MD5

      1cf9e3a75322042644a95e4d9eb359bc

    • SHA1

      27469cadb09a071e5ee98e6a6492bf1ee16bd170

    • SHA256

      7ad872e2d279268cc3107a90337b4beb3be0fc888668d60e6995d64b8955b2e6

    • SHA512

      a97d371a84e9ec64821022d64439ac6b04befe0fc2b4231b721450cbc12d70cc3232a53df936a4158e8c5e380c66ef6d1dff66aff4c0b5909652b3dc4f7a41ad

    Score
    10/10
    neshtanjrathackedevasionpersistencespywaretrojan

    • Detect Neshta Payload

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Blocklisted process makes network request

    • Modifies Windows Firewall

      evasion

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

1
T1042

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks