General
-
Target
Invoice.vbs
-
Size
2KB
-
Sample
210907-ptgk2acee7
-
MD5
157bd8f697377d2442ac93eda10dec94
-
SHA1
9e5b8e8d2349aaedcc7b93fee831990b1f6b8ad6
-
SHA256
dcd4d3f6173c2283b4ed18fcf810870db068d967b7deb0cc2bcf95db1d3fce11
-
SHA512
d86412ba6b642759af963285815b7f9679e6cff17baa78e6e3fa6b984c80179b334ed010d587649449ee4f643d2103722fe4c4805ee7bde59ac21ab3a14ee9b7
Static task
static1
Behavioral task
behavioral1
Sample
Invoice.vbs
Resource
win7-en
Malware Config
Extracted
http://54.184.87.30/sd-bypass.txt
Extracted
njrat
v4.0
Sun
103.153.78.241:8871
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
-
Target
Invoice.vbs
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-