General
-
Target
e147c36f7e37e928c129b2337c90bda770f4cd437899932c723fd9d5392859ed.vbs
-
Size
828B
-
Sample
210915-kd3fcaacc9
-
MD5
9af0d5fbc14e3ac0ae409dfef6e04228
-
SHA1
931b3139830e5485f198bb72ecba50475e4c8df2
-
SHA256
e147c36f7e37e928c129b2337c90bda770f4cd437899932c723fd9d5392859ed
-
SHA512
fdca50df12edb4d7784a3c769908a695221456e8729b7ec61ec86b8328a18040c5aca7f2d6879f336b6c1a44b1323a8f1f05ff6dd14a4cbd9f233fedcd019f0e
Static task
static1
Behavioral task
behavioral1
Sample
e147c36f7e37e928c129b2337c90bda770f4cd437899932c723fd9d5392859ed.vbs
Resource
win7v20210408
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
envirat.duckdns.org:3013
6de17d5355fa43eca7e
-
reg_key
6de17d5355fa43eca7e
-
splitter
@!#&^%$
Targets
-
-
Target
e147c36f7e37e928c129b2337c90bda770f4cd437899932c723fd9d5392859ed.vbs
-
Size
828B
-
MD5
9af0d5fbc14e3ac0ae409dfef6e04228
-
SHA1
931b3139830e5485f198bb72ecba50475e4c8df2
-
SHA256
e147c36f7e37e928c129b2337c90bda770f4cd437899932c723fd9d5392859ed
-
SHA512
fdca50df12edb4d7784a3c769908a695221456e8729b7ec61ec86b8328a18040c5aca7f2d6879f336b6c1a44b1323a8f1f05ff6dd14a4cbd9f233fedcd019f0e
-
Blocklisted process makes network request
-
Drops startup file
-
Suspicious use of SetThreadContext
-