General
Target: QA6433_#002.vbs
Size: 1KB
Sample: 211123-sqtb7saeaj
MD5: a124bd8fd1451e19150b422695548e0e
SHA1: 7c6b915684cacddeff53b78394e07789b55d0b2a
SHA256: 3e7c51d2872014402332aa1e75d853db3d157c7521908852363618a3cdcc5be9
SHA512: 515bb7cd68df86d248253d0b84a9dcf89d6ae4cc28c3edc432c9a1562d1dab4339d37c13c6a6e75b5c37bc6815dd43b7699165e50e73964d633f2808507ad5ad
Static task: static1
Behavioral task: behavioral1
Sample: QA6433_#002.vbs
Resource: win7-en-20211014
Malware Config
Extracted
https://fs13n4.sendspace.com/dlpro/3137f454c7a01624c025f577c50150f1/619cfd5e/tza6mk/HSJWE.txt
Extracted
njrat
1.9
HacKed
Microsoft.Exe
reg_key: Microsoft.Exe
Targets
Target: QA6433_#002.vbs
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Blocklisted process makes network request
Modifies Windows Firewall
Suspicious use of SetThreadContext