General
Target: PO#_45662.vbs
Size: 15KB
Sample: 211023-gla5aacbc4
MD5: 90161e1c823ccc2e151d0828a801d035
SHA1: 3e7ca03445260eb094f4d3a5506ff953d7405d8c
SHA256: 4ec13434944f4989f27c29121d433ada8363059c6e20a3828792a06c4171a60b
SHA512: cec2bacfdb81dd93a7a8f4a41444cca5be2439fff5575deff9700a09fac01b40b2394fbc995f2d1987c61668851c919586514f124a3fd396c076cab0c69fe62f
Static task: static1
Behavioral task: behavioral1
Sample: PO#_45662.vbs
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: PO#_45662.vbs
Resource: win10-en-20210920
Malware Config
Extracted
njrat
v2.0
------(Send)------
new.libya2020.com.ly:2020
Windows
reg_key: Windows
splitter: |-F-|
Targets
Target: PO#_45662.vbs
Size: 15KB
Score: 10/10
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Drops startup file
Suspicious use of SetThreadContext