General
Target: ef51f5588cebd20ca6a46a320b14c9de.vbs
Size: 213KB
Sample: 220809-zthhfahfe7
MD5: ef51f5588cebd20ca6a46a320b14c9de
SHA1: ad41361e71e54d698ef7dfc73ed301fb6585964a
SHA256: 9618eefb437302f8ef0baa9cc6ec6f6e9ba7fe94447d88202ab5ec9b033bf110
SHA512: 6e81da5cebfa44488d9dee5cf3962b3e17cae36123a48dbc2e5cf7c96d64ddc48505120d720c61eed393524f05200160b5715da9e3bc7143d5b2c16b69bc66e5
Static task: static1
Behavioral task: behavioral1
Sample: ef51f5588cebd20ca6a46a320b14c9de.vbs
Resource: win7-20220718-en
Malware Config
Extracted
http://91.241.19.49/MCK/FRAK.txt
Extracted
njrat
0.7NC
NYAN CAT
gfxcvfgsewrwrqwergvcbx.duckdns.org:9998
52c3af89f78848a0b69
reg_key: 52c3af89f78848a0b69
splitter: @!#&^%$
Targets
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Suspicious use of SetThreadContext