General
Target: CARPETADEFOLIOYACTAENTREG.vbs
Size: 217KB
Sample: 230709-xy148sfd66
MD5: 507c852d53b771937d44ead89ce445db
SHA1: 2f17ed49c003a72b62999ce724ff28f4eafaed04
SHA256: 7bec8c3246503b9a6af722a1f3316a2237b1403042b1879bf2372c4dd3a54d83
SHA512: 94214e31e75cd14893282e6c06b66b66a2329d4bbe5902c143fcd1721004e5a8bc477ac38f8baa093855ddb4a2a9e1cfddbcba1380af9eeadd4c85fe146a4a38
SSDEEP: 768:NvusaTjVXQHIqBSp41bHmjlXNuANZ9hRFp3iN7VK632A/1WDs9lhoFecNocWae+u:NxafVXnqBSp41SqkFFp3iTKC2AsDlFNI
Static task: static1
Behavioral task: behavioral1
  Sample: CARPETADEFOLIOYACTAENTREG.vbs
  Resource: win7-20230703-en
Behavioral task: behavioral2
  Sample: CARPETADEFOLIOYACTAENTREG.vbs
  Resource: win10v2004-20230703-en
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
nj0509.duckdns.org:0509
6ce9672712ba4490be
reg_key: 6ce9672712ba4490be
splitter: @!#&^%$
Targets
Target: CARPETADEFOLIOYACTAENTREG.vbs
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Suspicious use of SetThreadContext