General
Target: NJRATCASA22.zip
Size: 3KB
Sample: 220126-ktbbssbdf2
MD5: 097303335d29c881dacc3e84a53bb9d8
SHA1: 94df28f7a1974ef41627ed15b629b0bf96a3cc97
SHA256: ac630699a97a8f5c8273f1531df135ae3dd88ff8bd952a5944783f044cff2871
SHA512: 62c6224984b54bb02083102ae8042254ffe4762bf3d1e35032ae4612fb4b2c2f7e36ddcf3b2ddb93a0383ba24ea65e7240c5d5e23714e8988ed15f8854fb3d79

Static task: static1
Behavioral task: behavioral1
Sample: NJRATCASA22.vbs
Resource: win7-en-20211208

Malware Config
Extracted: http://192.99.190.34/dll/1.txt
Extracted: njrat
  0.7NC
  NYAN CAT
  venomsi.mypsx.net:81
  4c6c9a1bbdc34e6ebe
  reg_key: 4c6c9a1bbdc34e6ebe
  splitter: @!#&^%$

Targets
Target: NJRATCASA22.vbs
Size: 330KB
MD5: 8a4f7794001fbe25ab1820e9a66db1da
SHA1: fd1e5582b21480d6d19b247fe71f96d500314038
SHA256: 6cbb94dab89d523749b578de2590ad064049c0574476f553df9ffcf9d13ddf51
SHA512: dd5305d5613314d78972169320971021e9d98af6c7cc5b2cb494996fe275cea87ad9aa9cd4f0109b482e6bb45b88f1fedf557c82925c68b152c7da110a292751

Blocklisted process makes network request
Drops startup file
Suspicious use of SetThreadContext