General
-
Target
a0710cc802f4339ff34a3c352398cd8b.vbs
-
Size
828KB
-
Sample
220526-vh525shbfp
-
MD5
a0710cc802f4339ff34a3c352398cd8b
-
SHA1
f4416cf898162df5e59ccc9f2fe646d54316d569
-
SHA256
469e814ea9419f0a247d1eff3ed9aee9083d92a3975786bacb682bfa6af542a4
-
SHA512
339aee395da23e72bb1f7fe30c5da4c191a819ed526e5226a94761b6274f8468697ca7d980a38838baf424bca2e1ecd18a4b04dbf3716411b4791f2d0f5510e6
Static task
static1
Behavioral task
behavioral1
Sample
a0710cc802f4339ff34a3c352398cd8b.vbs
Resource
win7-20220414-en
Malware Config
Extracted
http://20.106.232.4/dll/26-05-2022-StartUp.pdf
Extracted
njrat
0.7NC
NYAN CAT
2605mayo5434.duckdns.org:5434
2edbba685e604255b6
-
reg_key
2edbba685e604255b6
-
splitter
@!#&^%$
Targets
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
suricata: ET MALWARE Powershell commands sent B64 2
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-