General
-
Target
Ad8556545S2125565444l55645554S4456M50001_pdf.vbs
-
Size
319KB
-
Sample
230710-lln4cshf49
-
MD5
f8b41b499604e82eb0e6510383a90e34
-
SHA1
b5699fd8dba7bc35ea5946af35e8ea51a58ea4b6
-
SHA256
7bb19c68aaf145e837e104b39f5c2b967d52191eb8e71846ac8e697d3c027873
-
SHA512
efc632012ba97d3d091799fba09058f6bee3fd6780d859931c5dfeeace49003f0ac620950dc247af669701661f94aa27dc65b292c803971324bc1076f2742c78
-
SSDEEP
192:iTvQpQjcZZZMC/C2zOzYEAPK+aQyleZ4nUlypKr:izQpQjwnj/C2zOzYEAy+Hy4ZeUlypKr
Static task
static1
Behavioral task
behavioral1
Sample
Ad8556545S2125565444l55645554S4456M50001_pdf.vbs
Resource
win7-20230703-en
Malware Config
Extracted
http://cryptersandtools.minhacasa.tv/e/e
Extracted
njrat
0.7NC
NYAN CAT
todosnj4343.duckdns.org:4343
91870a25e1f
-
reg_key
91870a25e1f
-
splitter
@!#&^%$
Targets
-
-
Target
Ad8556545S2125565444l55645554S4456M50001_pdf.vbs
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-