General
Target: Transaccion Aprobada.vbs
Size: 1KB
Sample: 210909-vqd9dsged5
MD5: 45beeab3735b33386dc605d813ab1712
SHA1: 9570171eb0875939b3a9fd51710422036ca968a7
SHA256: 4df37056407ca0353e2357399ec8f2bd7583b6d10fc5d1d4f6744b9415a1ce2f
SHA512: 3b7077d939301d4708a8d41d27bfe0df8e4d703d07af8882e14b02b65dfde303b13f2a428c2911fe3d1eb086e05199bb791562e490ac28092fbd6f520102335e
Static task: static1
Behavioral task: behavioral1
Sample: Transaccion Aprobada.vbs
Resource: win7v20210408
Malware Config
Extracted
https://onedrive.live.com/download?cid=4DBCDBEA8A120146&resid=4DBCDBEA8A120146%21130&authkey=AEqY-yNYbKJY9pM
Extracted
njrat
0.7NC
NYAN CAT
reald27.duckdns.org:3525
d58e514d83d54f2c
reg_key: d58e514d83d54f2c
splitter: @!#&^%$
Targets
Target: Transaccion Aprobada.vbs
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Drops startup file
Suspicious use of SetThreadContext