General
-
Target
Reservation.vbs
-
Size
1KB
-
Sample
210905-z3wreshgg3
-
MD5
d1105a626de00b3a3d248febfe9d2eab
-
SHA1
f088bdfa3f5d251f325ff4b11b5e680425c25ba2
-
SHA256
c61844d30e92c490359ae221d04620767e303247345e12de34f8ae43eb1cf26b
-
SHA512
11378362541f0656af2bc775cfd4b8e23e9c9a08cd9eb8b35109f3553da2e870a9c376efd3df2039c4c8224c70ba54ff0cad0030751bdfb8641da4f639e0bc16
Static task
static1
Behavioral task
behavioral1
Sample
Reservation.vbs
Resource
win7-en
Malware Config
Extracted
http://54.184.87.30/bypass.txt
Extracted
njrat
v4.0
Boss
103.147.184.73:7103
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
-
Target
Reservation.vbs
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-