General
-
Target
RFQ-474552121.PDF.vbs
-
Size
1.5MB
-
Sample
211016-rnz7ascaf6
-
MD5
984ff6ee5d1b7a975d9f95937101dfbc
-
SHA1
a7180061ccbf2add84fe873f15d09f9511740338
-
SHA256
8b83cbd6a35bbf62bc865b1037db4f3a3b6a35d5be7f99f1db620cc8b7ca1437
-
SHA512
86284f7799ea65cb4e306d2f2ca8934f2149d7a234b9f994027f1c4307660f190f8d559a6a180ffdcd98202f2b68af0df104646c699a1d2d5a8c9018a6a534c2
Static task
static1
Behavioral task
behavioral1
Sample
RFQ-474552121.PDF.vbs
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
RFQ-474552121.PDF.vbs
Resource
win10-en-20210920
Malware Config
Extracted
njrat
v2.0
+++++55555++++
new.libya2020.com.ly:2020
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
-
Target
RFQ-474552121.PDF.vbs
-
Size
1.5MB
-
MD5
984ff6ee5d1b7a975d9f95937101dfbc
-
SHA1
a7180061ccbf2add84fe873f15d09f9511740338
-
SHA256
8b83cbd6a35bbf62bc865b1037db4f3a3b6a35d5be7f99f1db620cc8b7ca1437
-
SHA512
86284f7799ea65cb4e306d2f2ca8934f2149d7a234b9f994027f1c4307660f190f8d559a6a180ffdcd98202f2b68af0df104646c699a1d2d5a8c9018a6a534c2
Score10/10-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-