Register Login

sloganpng

top title background image

NJratccccassssG2.00.vbs

Status: finished

Submission Time: 2022-02-21 06:48:11 +01:00

Malicious

Trojan

Spyware

Exploiter

Evader

Njrat

Comments

Tags

Details

Analysis ID:
575468
API (Web) ID:
942990
Analysis Started:

2022-02-21 06:48:13 +01:00
Analysis Finished:

2022-02-21 06:58:29 +01:00
MD5:
4833452ece935ea45c3b0912db2fc0bd
SHA1:
111ba6889be1031376e62b1e87dd83041ace2352
SHA256:
965b43f6e33c4b12172f54bd6361f892a3c7f8aa6d75ac3a8665b090ff9d819f
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 17/58

Open Full Report

malicious

Score: 5/34

malicious

Score: 11/43

malicious

IPs

IP	Country	Detection
201.121.59.253	Mexico
198.50.177.251	Canada
162.253.155.226	United States

Domains

Name	IP	Detection
venomsi.mypsx.net	201.121.59.253
njratcasanew.ueuo.com	162.253.155.226

URLs

Name	Detection
venomsi.mypsx.net
http://198.50.177.251/rump/4.txt
http://nuget.org/NuGet.exe
Click to see the 13 hidden entries
http://njratcasanew.ueuo.com
http://198.50.177.251
http://pesterbdd.com/images/Pester.png
http://njratcasanew.ueuo.com/NJratNEW%20casa/base%2064%20NJratNEWcasa.txt
http://www.apache.org/licenses/LICENSE-2.0.html
https://contoso.com/
https://nuget.org/nuget.exe
http://njratcasanew.ueuo.comx
https://contoso.com/License
https://contoso.com/Icon
http://198.50.177.251x
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://github.com/Pester/Pester

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ VFM.vbs	Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_czz05exg.e0h.ps1	very short file (no magic)	#
Click to see the 12 hidden entries
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jv2klgm1.r0q.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lpv40imj.k0g.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_phjaxqgs.pd0.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tq5avew2.ytq.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v0iy51oe.tqh.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vfpndanb.rnb.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wdyg2daj.ovs.psm1	very short file (no magic)	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ VFM.vbs:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\Users\user\Documents\20220221\PowerShell_transcript.347688.9YlVrO_k.20220221064925.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\Documents\20220221\PowerShell_transcript.347688.IrFEJQAh.20220221064918.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20220221\PowerShell_transcript.347688.ynx6k2_L.20220221064946.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20220221\PowerShell_transcript.347688.yrGPxWUi.20220221064928.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#