General
-
Target
Payment On Account.vbs
-
Size
3KB
-
Sample
210916-mrq1kscgg9
-
MD5
48f019f8bdb3fce7e44649974ab2330f
-
SHA1
25ce8749a17bf094e49673141032aa7b4e3893cb
-
SHA256
982d8d494fe7ddecd60b8237affaf2da1399122099dae6b615bb9b6904ba0379
-
SHA512
0387aee4aa180441e42fcbc35d46e16e889706a57be37e8b59f595efa8895b2b096e47738bcd626c0b4d8a9df942edf3162dbbd7f26315d5f5a47081c3c47480
Static task
static1
Behavioral task
behavioral1
Sample
Payment On Account.vbs
Resource
win7v20210408
Malware Config
Extracted
http://54.184.87.30/Server.txt
Extracted
njrat
0.7d
HacKed
103.147.184.73:8319
98d5ec0a408febb60524eab801ba601c
-
reg_key
98d5ec0a408febb60524eab801ba601c
-
splitter
|'|'|
Targets
-
-
Target
Payment On Account.vbs
-
Size
3KB
-
MD5
48f019f8bdb3fce7e44649974ab2330f
-
SHA1
25ce8749a17bf094e49673141032aa7b4e3893cb
-
SHA256
982d8d494fe7ddecd60b8237affaf2da1399122099dae6b615bb9b6904ba0379
-
SHA512
0387aee4aa180441e42fcbc35d46e16e889706a57be37e8b59f595efa8895b2b096e47738bcd626c0b4d8a9df942edf3162dbbd7f26315d5f5a47081c3c47480
-
Blocklisted process makes network request
-
Modifies Windows Firewall
-
Suspicious use of SetThreadContext
-