General
-
Target
Receipt.vbs
-
Size
3KB
-
Sample
210831-tjlztc1l6n
-
MD5
7847bcdabe1d416d86d06d3c81a11052
-
SHA1
abaff8024bd174d05edba2c32eb2aa5c0c7071c9
-
SHA256
6e20ded2b6c78190b5c281cd6d5092cc7336aeab810b98155e118db7801744f1
-
SHA512
ec48efbf28797aed093951c1d4d885aec8ca186e585922fade445b15b4691c7eb8026338d2f873b33e671652a2301261eb6af3aa55d8b8354a089a00a664676a
Static task
static1
Behavioral task
behavioral1
Sample
Receipt.vbs
Resource
win7v20210408
Malware Config
Extracted
njrat
v4.0
Boss
103.147.184.73:7103
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
-
Target
Receipt.vbs
-
Size
3KB
-
MD5
7847bcdabe1d416d86d06d3c81a11052
-
SHA1
abaff8024bd174d05edba2c32eb2aa5c0c7071c9
-
SHA256
6e20ded2b6c78190b5c281cd6d5092cc7336aeab810b98155e118db7801744f1
-
SHA512
ec48efbf28797aed093951c1d4d885aec8ca186e585922fade445b15b4691c7eb8026338d2f873b33e671652a2301261eb6af3aa55d8b8354a089a00a664676a
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-