General
-
Target
Informacion_Detallada_Deuda_Dian_20230719_pdf.vbs
-
Size
385KB
-
Sample
230721-vf1pmsfe32
-
MD5
a640364846274e9da426b560a4df12dc
-
SHA1
f88328cc6f8907ab700f845542f17ccf3cd677c2
-
SHA256
2ef96a32a575cbef0ac72b1e301112e6f82cab710167ef70a7bc0b77fda1f457
-
SHA512
bd8bbd2647a043ebf47302c538a7d09c7da7ac0c46117ce0a50a7c2a74f63203be4fe2a4547dbc38b8399acccaef7e6dac078f21bcc7fe62babb9371505937ce
-
SSDEEP
3072:35XNsn1+7HLDVZeMxzakxTOvsp7zSty8NxF50hfp/TIYbdHznXmxLJIrCsS4CYuC:4n+SMxzakB2ty8NxF50hfp/TR
Static task
static1
Behavioral task
behavioral1
Sample
Informacion_Detallada_Deuda_Dian_20230719_pdf.vbs
Resource
win7-20230712-es
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
todosnj4343.duckdns.org:4343
91870a25e1f
-
reg_key
91870a25e1f
-
splitter
@!#&^%$
Targets
Target
Informacion_Detallada_Deuda_Dian_20230719_pdf.vbs
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-