General
-
Target
DETALLES FACTUTACION VENCIDA.PDF.vbs
-
Size
208KB
-
Sample
220701-za1vnsahbj
-
MD5
c2a54f061aba21192c2366e5aff19ef3
-
SHA1
0e35261883e5bbe9df33797d230f7180309b083e
-
SHA256
80d4b70c3b8c11f6c761e105ce14f61e191a89cc8bd81ee86fb741f48bfdb7ff
-
SHA512
59ebcecb57800046d977e2fdd733d29e41d3ca14feab25b730ceeee8e6f4fa5e40e72eff2c3a629c8d9af298dbad1e18c1a34d87cef76e908f754f3221b558db
Static task
static1
Behavioral task
behavioral1
Sample
DETALLES FACTUTACION VENCIDA.PDF.vbs
Resource
win7-20220414-en
Malware Config
Extracted
http://193.106.191.105/dll/dll%E2%93%94%E2%93%94%E2%93%94.txt
Extracted
njrat
0.7NC
NYAN CAT
quilleras.duckdns.org:2054
304ca59d53bc4d4
-
reg_key
304ca59d53bc4d4
-
splitter
@!#&^%$
Targets
Target
DETALLES FACTUTACION VENCIDA.PDF.vbs
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-