General
-
Target
DIRRECCION DE IMPUESTO Y ADUANAS NACIONALES DIAN.exe
-
Size
32KB
-
Sample
220118-z4l9daddel
-
MD5
b14ab88bb304ae5d8cc5afba5b1177ba
-
SHA1
6533a50c2bb3183523c3ec9d4597686c27143b8f
-
SHA256
e0226d807439f58824f989e1d94049405c26c2ac3d0b681761cd4c8557e90362
-
SHA512
f68ac8f715a5f00792baae407c1775c757d1c96937b4a251cf254d8cb224eaa8429b224a66689bb4b936d0af2c7711018bd1e46f5467b78521d64fef2c31877f
Static task
static1
Behavioral task
behavioral1
Sample
DIRRECCION DE IMPUESTO Y ADUANAS NACIONALES DIAN.exe.vbs
Resource
win7-en-20211208
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
policyprivacy.duckdns.org:4658
10ff818f2c6b
-
reg_key
10ff818f2c6b
-
splitter
@!#&^%$
Targets
-
Target
DIRRECCION DE IMPUESTO Y ADUANAS NACIONALES DIAN.exe
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-