General
Target: bf0ddee14b9717013195a230012ba8cfae6211da6cfdcfc6abc99578a0b61e9a
Size: 1KB
Sample: 220707-yl7xpahgdl
MD5: dcf70880bd956403ff860a161f46d006
SHA1: bc58522fa1b0f28e512c16b5759b1f706a9c79f5
SHA256: bf0ddee14b9717013195a230012ba8cfae6211da6cfdcfc6abc99578a0b61e9a
SHA512: b7cb8d9fd28afa6195ba34f0aa3142aa4c7a085d1a36677138fd70a25d6dd180656b8edc4642e15a3edb2ac816a86832bc91835f83ca6b391ffbd3c2db4f5f82
Static task: static1
Behavioral task: behavioral1
Sample: bf0ddee14b9717013195a230012ba8cfae6211da6cfdcfc6abc99578a0b61e9a.vbs
Resource: win7-20220414-en
Malware Config
Extracted
https://cdn.discordapp.com/attachments/749769178239467520/795351734603350066/3.txt
Extracted
njrat
0.7NC
NYAN CAT
xbbu.myq-see.com:4444
0c030688cdfe4e
-
reg_key
0c030688cdfe4e
-
splitter
@!#&^%$
Targets
Target
bf0ddee14b9717013195a230012ba8cfae6211da6cfdcfc6abc99578a0b61e9a
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-