General
Target: Incumplimiento en pago.vbs.zip
Size: 2KB
Sample: 220610-p6el7sffd2
MD5: f155cd317af255b32b109b28f46b24f1
SHA1: a986d74be046656fb8e0faadfd0ace8b7e60f0fd
SHA256: f2b20f472de65e328684a0fcdabfce00a8893b38c0480a9394af0af25a87ed16
SHA512: 111bac2ea0ea3c4750f0c807f491e84a0ce24bcbd9d60bd88eb0ac93cbef2ab5742064a800e54a2c00a9f7387a40b2d58c10799747e711527a4a5406749fc237
Static task: static1
Behavioral task: behavioral1
  Sample: Incumplimiento en pago.vbs
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Incumplimiento en pago.vbs
  Resource: win10-20220414-en
Behavioral task: behavioral3
  Sample: Incumplimiento en pago.vbs
  Resource: win10v2004-20220414-en
Behavioral task: behavioral4
  Sample: Incumplimiento en pago.vbs
  Resource: win11-20220223-en
Malware Config
Extracted: https://wpsshop.online/Dll/RodaRarodll.txt
Extracted
njrat
0.7NC
NYAN CAT
nj2020.duckdns.org:2020
fcc1d4df850
reg_key: fcc1d4df850
splitter: @!#&^%$
Targets
Target: Incumplimiento en pago.vbs
Size: 210KB
MD5: 349bd170f4cd652b9117c9b159f9bdcc
SHA1: d70dd4ea4f22180eca39d9ca09b777d2193d91ff
SHA256: 6808952224709928c7f2d9f7bb9f8bfd404e16b686e6aa8947f6ea9bc66be3ce
SHA512: d85952fb863ae733002dc6b8fc8718578357584106cfc11d6b2d8d5326973bfa85c1da9b830fda6e515e2a53c90f8481fff130192853c5877d06f456c59bbece
- Blocklisted process makes network request
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext