General

  • Target

    Informacion_Detallada_Deuda_Dian_20230719_pdf.vbs

  • Size

    385KB

  • Sample

    230721-vf1pmsfe32

  • MD5

    a640364846274e9da426b560a4df12dc

  • SHA1

    f88328cc6f8907ab700f845542f17ccf3cd677c2

  • SHA256

    2ef96a32a575cbef0ac72b1e301112e6f82cab710167ef70a7bc0b77fda1f457

  • SHA512

    bd8bbd2647a043ebf47302c538a7d09c7da7ac0c46117ce0a50a7c2a74f63203be4fe2a4547dbc38b8399acccaef7e6dac078f21bcc7fe62babb9371505937ce

  • SSDEEP

    3072:35XNsn1+7HLDVZeMxzakxTOvsp7zSty8NxF50hfp/TIYbdHznXmxLJIrCsS4CYuC:4n+SMxzakB2ty8NxF50hfp/TR

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

todosnj4343.duckdns.org:4343

Mutex

91870a25e1f

Attributes
  • reg_key

    91870a25e1f

  • splitter

    @!#&^%$

Targets

    • Target

      Informacion_Detallada_Deuda_Dian_20230719_pdf.vbs

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext
