General
-
Target
estado de cuenta camscanner.vbs
-
Size
561KB
-
Sample
221103-yzdwrsefb9
-
MD5
b31238fa012fd17fe9a54be6a51c3fea
-
SHA1
c45838fed29fc9366f91add4273fc9d7be1d4331
-
SHA256
56aa1c3927f73a53c0b0def3734891334f311ae882c00754b0a42c9517e91c35
-
SHA512
7cdef98f0d6e485c294334dd39990179a277eb90f00297c71e9d4a744865150b8bafab48ab167ca236b9f657ff0a6c14dbb8c43a77d91d5cf947219b60663c31
-
SSDEEP
96:7HHHHHteV92eYer9Y34N69Db0FgW+0l5o1N3yHyTB11qL0192xNosJU1kNEHnXXG:4nh5wiFzx5o1QS/j14ta1k0X1Pbk
Static task
static1
Behavioral task
behavioral1
Sample
estado de cuenta camscanner.vbs
Resource
win7-20220812-en
Malware Config
Extracted
https://firebasestorage.googleapis.com/v0/b/fir-3b506.appspot.com/o/dll%2Fnego.txt?alt=media&token=f068e42c-0fbc-4dcc-9984-985de5d7ed9c
Extracted
njrat
0.7.3
Lime
marianavilla3008n.duckdns.org:2610
Client.exe
-
reg_key
Client.exe
-
splitter
1234
Targets
-
-
Target
estado de cuenta camscanner.vbs
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-