General
-
Target
Reservation.vbs
-
Size
7KB
-
Sample
210919-r2e4aacba2
-
MD5
ec9f108d335607135782af17ab903592
-
SHA1
8587a5bb04991cf200922d0a9dbd8e12a8f5691f
-
SHA256
20031bbf53fc23ccbcc482f37c73975ffe6187151e49939f924b468ab566c73c
-
SHA512
6a0e16d81fa2394780b099ca3d4b2ac3d609d93fb5b9bc5af759ce1004d17ac922ffb2b749c75c1b869ad0451b96185747da03b336caf5ff13ae1a9e844d797b
Static task
static1
Behavioral task
behavioral1
Sample
Reservation.vbs
Resource
win7-en-20210916
Malware Config
Extracted
http://13.112.210.240/njbypass.txt
Extracted
njrat
0.7d
HacKed
103.156.92.140:5489
b9bcbd71b3095eaa1d613e7db66ba013
-
reg_key
b9bcbd71b3095eaa1d613e7db66ba013
-
splitter
|'|'|
Targets
-
Blocklisted process makes network request
-
Modifies Windows Firewall
-
Suspicious use of SetThreadContext
-