General
Target: RFQ-474552121.vbs
Size: 15KB
Sample: 211026-qdstsshee4
MD5: 147841ac2ca60229a754403fddad59ec
SHA1: 9de7705976aec4bedd6f8805065ac17be1282d75
SHA256: a88a9fc866e2da0a88fbbf44e23b39b3bb980135b0d1c1aafbbef87490c2f34c
SHA512: 92be569b47e9a8445bfb62b44b3bf3a1116b528520a958f037967f16a0746f9ff6c23ceab63c1d7159565e20656cdf193c768323efa0e151f407b9775516f4b4
Static task: static1
Behavioral task: behavioral1
Sample: RFQ-474552121.vbs
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: RFQ-474552121.vbs
Resource: win10-en-20210920
Malware Config
Extracted
njrat
v2.0
------(XxX)------
new.libya2020.com.ly:2020
Windows
reg_key: Windows
splitter: |-F-|
Targets
Target: RFQ-474552121.vbs
Score: 10/10
Blocklisted process makes network request
Executes dropped EXE
Drops startup file
Loads dropped DLL
Suspicious use of SetThreadContext