General
Target: Documentacion.PDF.vbs
Size: 162KB
Sample: 210915-pzmdgadgcm
MD5: 16dd6afc5e63f4edc4f35fd1176e63bd
SHA1: d64a9461b703119695e76f880832924d487a648a
SHA256: c34173dfa5a1a842bb14ef1fddd8f15b0998577740469b6987d138e165786994
SHA512: 3e2abe804b90ec51e1a7fb4145a0b11304e3d279c13cc3f65380721c079fb1b9711bb491e92b5e95c6ca957aeb7bfed9b33b030c094a1dcc3d4ebcab577b8df3
Static task: static1
Behavioral task: behavioral1
Sample: Documentacion.PDF.vbs
Resource: win7v20210408
Malware Config
Extracted URL: https://onedrive.live.com/download?cid=4DBCDBEA8A120146&resid=4DBCDBEA8A120146%21152&authkey=AP1AB-SxiNqVg04
Extracted family: njrat
Version: 0.7NC
Botnet: NYAN CAT
C2: pedrobedoya2021.duckdns.org:1980
Mutex: cf13c225ff474d45b
reg_key: cf13c225ff474d45b
splitter: @!#&^%$
Targets
Target: Documentacion.PDF.vbs (162KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures for this target:
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Drops startup file
Suspicious use of SetThreadContext
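The following is an added example, not code from the sandbox report or from the njRAT project. It takes the indicators the report extracted (C2 host:port, splitter, mutex/reg_key) together with the "(ll)" Suricata hit and turns them into small detection helpers a responder could run against captured traffic, connection logs and a dump of HKCU Run values. The wire format it assumes (ASCII decimal length, a NUL byte, then the payload; fields joined with the splitter; "ll" as the check-in command whose second field is the base64-encoded victim id) is an assumption about njRAT 0.7, not something the report states; every beacon, log line and registry value below is constructed for the example.

```python
import base64
import re

# Indicators copied from the report's "Malware Config" section.
C2_HOST = "pedrobedoya2021.duckdns.org"
C2_PORT = 1980
SPLITTER = "@!#&^%$"
MUTEX = "cf13c225ff474d45b"
REG_KEY = "cf13c225ff474d45b"


def build_frame(fields):
    """Assumed njRAT 0.7 framing: '<decimal length>\\x00<payload>',
    payload = fields joined with the configured splitter."""
    payload = SPLITTER.join(fields).encode("utf-8")
    return str(len(payload)).encode("ascii") + b"\x00" + payload


def parse_frames(stream):
    """Return one field list per complete frame in `stream`.

    A truncated trailing frame is dropped rather than guessed at; a frame
    whose length prefix is not a decimal number raises ValueError.
    """
    messages = []
    pos = 0
    while pos < len(stream):
        nul = stream.find(b"\x00", pos)
        if nul == -1:
            break
        prefix = stream[pos:nul]
        if not prefix.isdigit():
            raise ValueError("bad length prefix at offset %d" % pos)
        length = int(prefix)
        payload = stream[nul + 1 : nul + 1 + length]
        if len(payload) < length:
            break
        messages.append(payload.decode("utf-8", errors="replace").split(SPLITTER))
        pos = nul + 1 + length
    return messages


def is_checkin(fields):
    """True for the 'll' registration message the ET rule above keys on."""
    return len(fields) > 1 and fields[0] == "ll"


def victim_id(fields):
    """Assumption: the second field of 'll' is the base64-encoded victim id."""
    if not is_checkin(fields):
        return None
    return base64.b64decode(fields[1]).decode("utf-8", errors="replace")


# Matches host:port endpoints in a free-form connection log line.
_ENDPOINT = re.compile(r"(?P<host>[A-Za-z0-9.-]+):(?P<port>\d{1,5})")


def is_c2_connection(line):
    """True only if the exact extracted C2 host and port appear in the line."""
    return any(
        m.group("host").lower() == C2_HOST and int(m.group("port")) == C2_PORT
        for m in _ENDPOINT.finditer(line)
    )


def suspicious_run_entries(run_values):
    """Flag Run values whose name equals the extracted reg_key.
    `run_values` is a {name: command} dict the caller read from
    HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run."""
    return {n: c for n, c in run_values.items() if n == REG_KEY}


# Constructed traffic: one check-in followed by a short second message.
SAMPLE_VICTIM = "WIN7-PC_user"
SAMPLE_BEACON = build_frame(
    ["ll", base64.b64encode(SAMPLE_VICTIM.encode()).decode(), "WIN7-PC", "user", "Win 7"]
) + build_frame(["inf"])

if __name__ == "__main__":
    for msg in parse_frames(SAMPLE_BEACON):
        print(msg[0], victim_id(msg))
    print(is_c2_connection("TCP 10.0.0.5:49211 -> pedrobedoya2021.duckdns.org:1980 SYN"))
    print(suspicious_run_entries({REG_KEY: "wscript.exe ...", "OneDrive": "OneDrive.exe"}))
```

Only the exact host:port pair is matched, so traffic to the OneDrive download URL listed in the config (a legitimate host abused as a stager) is deliberately not flagged by `is_c2_connection`; a truncated stream yields only the complete frames, which keeps a partial capture from producing a false check-in.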