General
Target: 7805376166.zip
Size: 880B
Sample: 220809-xn6xqseffp
MD5: f80df01f560d632d59da10d8bf5b4444
SHA1: 184e5afb4ddeecba6e6dcc7b5059c73b347a492c
SHA256: d014ba574b1546b47f9a03a844272cf994f024957707ec4ccac144d0dfdfe9bf
SHA512: 7f58282bca4f42121109eac33ecfca3c9c8a8cbb0cf0f65ab0d5f684e4159b9e5feaa76076df2453059a9b29f4163002259c35450c0915d4a29bcc329ec2575d
Static task: static1
Behavioral task: behavioral1
Sample: ZURLRYOHRJILYWHHLBXSQO.vbs
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: ZURLRYOHRJILYWHHLBXSQO.vbs
Resource: win10v2004-20220721-en
Malware Config
Extracted
https://tradeguru.com.pk/enc3.txt
Extracted
njrat
1.9
HacKed
Microsoft.Exe
reg_key: Microsoft.Exe
Targets
Target: ZURLRYOHRJILYWHHLBXSQO.vbs
Size: 1KB
MD5: 5f15ed0b10945b58f1d89fd89e7816a2
SHA1: 0912be608b29f1bb905f9758e5b791f43531fc3b
SHA256: b529175e6e3cd7badb222d3a863d034241489835759f9557d8e8aae52e562706
SHA512: 3e92fc68eb3de3dd8373842c8f4566323299803425ff8a80764f40f762a0680b5d30aeabb9f7a3efb189ebd3c0594ca7c4292a3e26836955db81ad260a144cae
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Modifies Windows Firewall
Registers COM server for autorun
Suspicious use of SetThreadContext