General
Target: tmpuB1xoC.vbs
Size: 757KB
Sample: 220806-g9zsjseae5
MD5: 9dc5849357ad8c24dee16b6103c76e07
SHA1: 71934dc525d7cff4d493a5737d34188dd1906ec4
SHA256: 2d04a0d8fac45912b00ddc206423b2a0536e2a035642729535852f6d163946ee
SHA512: 127bc5c32c8811771d2acbeebe1675b64cadae777158e55f10ec724a92396a70ce67c451443470e1eb630834f916a76c8f4c080f2a431119d6fc40e204c297d3
Static task: static1
Behavioral task: behavioral1
Sample: tmpuB1xoC.vbs
Resource: win7-20220715-en
Malware Config
Extracted: https://cdn.discordapp.com/attachments/979582020927774773/980218074567421972/dl.txt
Extracted: njrat
puerto2547.duckdns.org:2547
d52c2b17132548b
reg_key: d52c2b17132548b
splitter: @!#&^%$
Targets
- Blocklisted process makes network request
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext