General
Target: 7839746120.zip
Size: 883B
Sample: 220809-xng9dagce3
MD5: 4425864a70b8e8b37f509564e5aa46e0
SHA1: 9c37b2f2d5cdd3da0712dd46d0c244bfe3fef1aa
SHA256: 7e2b18922467014df87db3d500b6b41ce7d5c16d82cbcd2cb9c089acb4f5c507
SHA512: d7e1c1ab1820a2d9e0f645f3325a59f7a8080b99c4dda0fa526ca6472607f737527ab2c6c1013b484007db6bb9fd6a6b43903deeb6bb1f1dfc951cd5b868686d
Static task: static1
Behavioral task: behavioral1
  Sample: LIYDOERWQPOKERHAVAXOCI.vbs
  Resource: win7-20220715-en
Behavioral task: behavioral2
  Sample: LIYDOERWQPOKERHAVAXOCI.vbs
  Resource: win10v2004-20220721-en
Malware Config
Extracted: https://tradeguru.com.pk/enc.txt
Extracted: njrat
  1.9
  HacKed
  Microsoft.Exe
  reg_key: Microsoft.Exe
Targets
Target: LIYDOERWQPOKERHAVAXOCI.vbs
Size: 1KB
MD5: 7fa6c86604b4b5706beac109127af386
SHA1: aeac233400b02928f3a025a740bcfd6e2f85cd8a
SHA256: 04d8d89df7a3ebe9d24b4635b6f4760e81465d672cb9f010e020b336b2d811ec
SHA512: e79fe1be4f96e06da8f60e7bb486e854bbf66509c637f08734771cc6a26a8051a281f8e484145252cd2e90d7196175761ad14f4cf00122ae9431a330ba189330
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Modifies Windows Firewall
- Registers COM server for autorun
- Suspicious use of SetThreadContext