General
Target: RFQ.vbs
Size: 7KB
Sample: 210917-vm1cfsgac2
MD5: 344aaf64e1d6be52690b5006b4e7e407
SHA1: 7d23e39c1aefae326ec42b82bdfdcae504d2662f
SHA256: a078a2a795317c2e46fbb857f9f2cda679731bf8276f19a8d9c2fb2b3c076f27
SHA512: c2064b2c5dd9cc8ba22f9b9136e71eabcfbd16b89d8d0ec3cd7b6945d4244045ebe7fe22450728c0de5ce2278926c8444dd2a043c82471a34f9ae43932a4b8f3
Static task: static1
Behavioral task: behavioral1
Sample: RFQ.vbs
Resource: win7v20210408
Malware Config
Extracted
http://13.112.210.240/bypass.txt
Extracted
njrat
0.7d
HacKed
103.153.78.241:7851
c111af59b6283a846969092a2400626a
reg_key: c111af59b6283a846969092a2400626a
splitter: |'|'|
Targets
Target: RFQ.vbs
Blocklisted process makes network request
Modifies Windows Firewall
Suspicious use of SetThreadContext