General
- Target: REQUIREMENT.vbs
- Size: 2KB
- Sample: 210924-vfpx5shde8
- MD5: b17c7601e3b5dad7c15fde1ff075772b
- SHA1: a81a6b3de1470de726e4e31d143bbb5799834598
- SHA256: f333e20bf5157aced9fa551fb2384457e8b3b2567ee0f2ef329aad33bfa66fb2
- SHA512: 504141a430351bc54fb02bbdf52887e0ccff1c82d8ffd967f8bd4356031c61ad920bfbee4e568a45fc43e7783f8203aeabac4292d74be5eca451cdb6edec9825
Static task: static1
Behavioral task: behavioral1
- Sample: REQUIREMENT.vbs
- Resource: win7v20210408
Malware Config
Extracted
http://13.112.210.240/bypass.txt
Extracted
njrat
0.7d
HacKed
njpeople.duckdns.org:6745
730f7d095684724798010fdf6a67928d
- reg_key: 730f7d095684724798010fdf6a67928d
- splitter: |'|'|
Targets
- Target: REQUIREMENT.vbs
- Blocklisted process makes network request
- Modifies Windows Firewall
- Suspicious use of SetThreadContext