General
-
Target
pum.vbs
-
Size
584KB
-
Sample
230606-k56l3sdd9t
-
MD5
850c00a9a4f884920bf998e784deb5ff
-
SHA1
dbc0cbdee0323392f7e1e40bdc2af681cdb7730b
-
SHA256
f4eb6874def6fb59224dac5a6b164d297540d40f1b52f6d33ebf654320865ab3
-
SHA512
ee8b0996e991ecbe344e74a41232306866506f1d4e7f5bf4d9d712a285bebc782c33dd1226c4d5c3d1c9e7cc12ef511953d694633fdba7d4aa17ea8b2e1566af
-
SSDEEP
3072:TpG1wfkYFEhNe4VTdRnTT8w4TWQNDJ4alTvPfkTk5G7ZqsmgYcp++og0S7wQzS1y:IwfkYF18ZqK
Static task
static1
Behavioral task
behavioral1
Sample
pum.vbs
Resource
win7-20230220-en
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
njnjnjs.duckdns.org:35888
6515f0beea
-
reg_key
6515f0beea
-
splitter
@!#&^%$
Targets
-
-
Target
pum.vbs
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-