General
-
Target
004.vbs
-
Size
217KB
-
Sample
221012-w697fafeal
-
MD5
9c28dc451989b0976c1ef4bd80841148
-
SHA1
a49b80391827b4edc9095ff8667d31967c7d5bf4
-
SHA256
5e616efa5ea49eaf66bf377e5a6e5ad24d7c0918e0a568f0888e2053a2964de1
-
SHA512
9141b1c5ee45b322263fc6cb6821760aed5253e4fff29846554428683ecbb494289dcde721bcfea72bb2756a000c8804bcc3ffdbd955e0e140265582512a0a1d
-
SSDEEP
96:tYsY6WYW0gAJDLbD71b0F4WOktEpD2AUB/0zHNE2UvIkZ1+AN1qHE:CzCNNJDHHiFbBQD2RB/0zHDkZJ1qk
Static task
static1
Behavioral task
behavioral1
Sample
004.vbs
Resource
win7-20220901-en
Malware Config
Extracted
https://tinyurl.com/2erph6cs
Extracted
njrat
0.7NC
NYAN CAT
wins10ok.duckdns.org:8000
3b71ea03e4
-
reg_key
3b71ea03e4
-
splitter
@!#&^%$
Targets
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-