General
Target: Su contraseña es 118 Tramitándose expediente administrativo para el cobro de sus deudas pendientes de pago correspondientes SE DECLARAN EMBARGADOS.vbs
Size: 205KB
Sample: 220811-rvtm4agcgr
MD5: 173a182f65910267fa0e8590dd0cfc0e
SHA1: 3b8bf6b2f4ad725511fca0e0198b4499c75fe86c
SHA256: 49bb9b1be17a3b590a8cb4245e1a3f07fb13648676ff7e0240f3030678c503d6
SHA512: 44d5a9a9d2166253c2af4b8820f323d29a2cd7042a3408440bd86b8422d25a28006891ca9f690d756271e85d09965047c2eebcbd18b5af8a378ff0785924900d
Static task
static1
Behavioral task
behavioral1
Sample
Su contraseña es 118 Tramitándose expediente administrativo para el cobro de sus deudas pendient.vbs
Resource
win7-20220715-en
Malware Config
Extracted
http://91.241.19.49/ARTS/dllf3txt
Extracted
njrat
0.7NC
NYAN CAT
wibnj.duckdns.org:57831
549d524552
reg_key: 549d524552
splitter: @!#&^%$
Targets
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-