General
-
Target
08ce84e90aeb685e22efe8dad5d12ad1.vbs
-
Size
184KB
-
Sample
220531-vk4bbsfecr
-
MD5
08ce84e90aeb685e22efe8dad5d12ad1
-
SHA1
fe33c25483bf411fae668acca7e159af1fa1ca4c
-
SHA256
392e1b6d5a343eefbc9e05323aadab4074a56c9edb7554b8085f45d319d837b7
-
SHA512
42bff67e635ccb5d4c7ae1198dd4882ebfae95b9a02ff14bc9d8ea69b6bff504daf19a67374f5bbf9b94390466e51efe4ec3363c3aef2b3a5ba5b3a61dbb7990
Static task
static1
Behavioral task
behavioral1
Sample
08ce84e90aeb685e22efe8dad5d12ad1.vbs
Resource
win7-20220414-en
Malware Config
Extracted
http://91.241.19.49/CRYPT/Flechas10DLL.txt
Extracted
njrat
0.7NC
NYAN CAT
wibnj.duckdns.org:57831
549d524552
-
reg_key
549d524552
-
splitter
@!#&^%$
Targets
-
-
Target
08ce84e90aeb685e22efe8dad5d12ad1.vbs
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-