General
Target: CamScanner 025-07-2023 15.25.uu
Size: 2KB
Sample: 230706-gs581aaf21
MD5: 792ceb033fead6ccf4d1ce2a84d1c6f5
SHA1: d12c2ba7f1986985a6edfb4aea8ca16177c6a361
SHA256: 8ced75585f5c98ffd2b4da5038b2e8f075388b5379f81cd4c8806e9564004989
SHA512: 3b4643ae44cd0d622da40013aee7663f4ca704c4e522b2c94e3f640a7b7c68dbd96e2fae22536c0a1d598dd6eb65a4397243448245ef1a58a64fd020d8f88120
Static task: static1
Behavioral task: behavioral1
Sample: CamScanner 025-07-2023 15.25.vbs
Resource: win7-20230703-en
Malware Config
Extracted
https://pastebin.com/raw/dstpKjTz
Extracted
njrat
0.7.3
Lime
marianajoselime1101.duckdns.org:1101
Client.exe
reg_key: Client.exe
splitter: 1234
Targets
Target: CamScanner 025-07-2023 15.25.vbs
Size: 217KB
MD5: b42a87075fca0cde6ca7bdaeb9060462
SHA1: 3c844a298bb1145b09345f53c9715ead2382a6d9
SHA256: 38c24884f4544a32244e520a0868f0a3339f674d25359b6f9a75db6616ee25c4
SHA512: e5ff9878190be2bc37c6d1a966b5ff109b733bd6cbf8b7cbc4c2d2fc5c67ffdc82b92df03f92e5cea8b3716dc5a174836daec6f2cd433fc60af5a8b35d53f7cb
SSDEEP: 3072:i5d6525555555e555555555555p5555Gu0555tR:y
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext