General
Target: INTERAC PAYMENT.vbs
Size: 7KB
Sample: 210920-w2ly2sehg9
MD5: f3bc5f7625cfb7d4f44f784561b05faf
SHA1: 8831e8de10c1365cbc23bf50b96b6292fd09af29
SHA256: 9b08fe9109b0e4b68f52624894d0ea9261f4a434f07d022f2d2b2d7c12877460
SHA512: cd5a57d361c02aeda535d19461798d9b5779f94e17aa12cc2ee9db4ba1605a8ce8fe04dcf4a1bee312261902a7c2bb579cc916f98576d679ded10a6c64807665
Static task: static1
Behavioral task: behavioral1
Sample: INTERAC PAYMENT.vbs
Resource: win7-en-20210920
Malware Config
Extracted
http://13.112.210.240/NJNJNJNJbypass.txt
Extracted
njrat
0.7d
HacKed
103.156.92.140:5489
b9bcbd71b3095eaa1d613e7db66ba013
reg_key: b9bcbd71b3095eaa1d613e7db66ba013
splitter: |'|'|
Targets
Target
INTERAC PAYMENT.vbs
-
Blocklisted process makes network request
-
Modifies Windows Firewall
-
Suspicious use of SetThreadContext
-