General
  Target: 7837626121.zip
  Size: 879B
  Sample: 220809-xnv58sgcf7
  MD5: 5a830c2c72088e275e17f2699e37b53c
  SHA1: f169de8e31e930a581d6b00e9fa88b8f1ec242f1
  SHA256: ae65e1d43dc79fba514c715b37f058e20a99d479663034f3eabbd6614ba7d6b0
  SHA512: a30cb372b5cef7f3fa22c166cb7b1b88ec0a7dbb8e738fcc11a4b81aed7c46ec36b6b2f12c9fc52c3a040e86b71b73c2d51616c2f12dd6aeff696aac95b54355

Static task: static1

Behavioral task: behavioral1
  Sample: LIYDOERWQPOKERHAVAXOCI.vbs
  Resource: win7-20220718-en

Behavioral task: behavioral2
  Sample: LIYDOERWQPOKERHAVAXOCI.vbs
  Resource: win10v2004-20220722-en

Malware Config
  Extracted: https://tradeguru.com.pk/enc1
  Extracted: njrat
    1.9
    HacKed
    Microsoft.Exe
    reg_key: Microsoft.Exe

Targets
  Target: LIYDOERWQPOKERHAVAXOCI.vbs
  Size: 1KB
  MD5: 733afa01e2447e2fcafcf4f224a1a4a7
  SHA1: fcb94d8e29aa8bb802104a6ea49f7e715bea7031
  SHA256: 00eb25d6c95f74f9c7caded04eca76fa2a03e280448af51c1108b75b2709909a
  SHA512: 42658d2f4cbb0a75c49434644078ad5291995b415481186a66aad1fd31a3013002e6f753093f81c4d8022a7811b199e2b66270c4017a928f6bf9df72d0334948
  Score: 10/10
  Process spawned unexpected child process
    This typically indicates the parent process was compromised via an exploit or macro.
  Blocklisted process makes network request
  Modifies Windows Firewall
  Registers COM server for autorun
  Suspicious use of SetThreadContext