General

  • Target

    Spedizione.vbs

  • Size

    4.4MB

  • Sample

    241021-k8fvtszdkl

  • MD5

    afaefcfba4a6f5052383156ce7f88efd

  • SHA1

    ac99a4ba88364136174b70b226881297144de96e

  • SHA256

    29a2f380dca14716c3e3c53da12df3d0b1fb5c3efd0d2b711d3de523a7273836

  • SHA512

    4fdb773189b885e11ce669b711c04777d8b29ab4a409e2a470fb13b37404eba02b8a9d55aada3a6c64df421d0ec0d7288acc4727055274945d17483cd5710e73

  • SSDEEP

    24576:lemjem3emOemsemyemDemTemHemnemmem2em+emTemXemBem6emFemWemRemiemH:i

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    https://rentry.co/m7ebw9yf/raw

Extracted

  • Family

    njrat

  • Version

    v2.0

  • Botnet

    HacKed

  • C2

    ole.cloudns.ph:5439

  • Mutex

    Windows

  • Attributes

    • reg_key

      Windows

    • splitter

      |-F-|

Targets

    • Target

      Spedizione.vbs

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
