General
-
Target
RSOAW_#010.vbs
-
Size
1KB
-
Sample
211123-ynn8csecf6
-
MD5
1a82973cdecd6bd1a070e0b14fb9210f
-
SHA1
97b096ff116dd27bc2a20f5c58c87b03d6b1e7ff
-
SHA256
846c121840d5733fc9ffed9baf40ef76dad6011ee88f8382b828df3aa61e2a22
-
SHA512
09c473a93334b970599bfe26a3e0936d85c34ef0f711ce82bf2640a145601463686812c04962f38460bef025035cf524aac187185b51ffeb95c91fb99b7cc49c
Static task
static1
Behavioral task
behavioral1
Sample
RSOAW_#010.vbs
Resource
win7-en-20211104
Malware Config
Extracted
https://fs12n2.sendspace.com/dlpro/de7e01fb2feeae8700b438a36e907097/619d05a0/jnmrpk/eyuow.txt
Extracted
njrat
1.9
HacKed
Microsoft.Exe
-
reg_key
Microsoft.Exe
Targets
-
-
Target
RSOAW_#010.vbs
-
Size
1KB
-
MD5
1a82973cdecd6bd1a070e0b14fb9210f
-
SHA1
97b096ff116dd27bc2a20f5c58c87b03d6b1e7ff
-
SHA256
846c121840d5733fc9ffed9baf40ef76dad6011ee88f8382b828df3aa61e2a22
-
SHA512
09c473a93334b970599bfe26a3e0936d85c34ef0f711ce82bf2640a145601463686812c04962f38460bef025035cf524aac187185b51ffeb95c91fb99b7cc49c
-
Blocklisted process makes network request
-
Modifies Windows Firewall
-
Suspicious use of SetThreadContext
-