General
Target: 92baf7d1d57f1c7c6368c79646304ddb.vbs
Size: 488KB
Sample: 211227-yq6v7adba6
MD5: 92baf7d1d57f1c7c6368c79646304ddb
SHA1: 243ea00cea30c24c463b2263479502481458ec41
SHA256: fa0c16419a4f2e838f7f9f72f252b5f391da16d47910c1a7a84d8e3b01d1b550
SHA512: 7ddb663e69b9cec619c9211052d3df31b942d7cc56c6c9da4d469ce09c072559eb24544f64974a42c36e9eeb324c30a22029a93e2f04dceeb036c66bc9020c60
Static task: static1
Behavioral task: behavioral1
Sample: 92baf7d1d57f1c7c6368c79646304ddb.vbs
Resource: win7-en-20211208
Malware Config
Extracted
http://91.241.19.49/ramdes/treboldll.txt
Extracted
njrat
0.7NC
NYAN CAT
revg.duckdns.org:57831
ebef4abe57d24e8
reg_key: ebef4abe57d24e8
splitter: @!#&^%$
Targets
Blocklisted process makes network request
Drops startup file
Suspicious use of SetThreadContext