General
Target: a640364846274e9da426b560a4df12dc.bin
Size: 36KB
Sample: 230723-cht1rsde7w
MD5: 29d0452d26bc1a1bd41f55b535a79c3f
SHA1: a12af5f0d9ed53aa538f9b62de3e7f13eaf1b9bf
SHA256: 209b241c35376f2954b4a7ef74062da06d5e8d3cb4c75244e3d7c075bf62290b
SHA512: 1fd22f9ab580994377abf3dd82c3f69e09a8b365cdcb21b5a2bb7982afcbf3a3c46d4df8851b90b6bdde9b7fb32fb2876eb37ae778f3c1135669787baa57a0c8
SSDEEP: 768:K54A/giaMrYyE3GNODROVUx/Z8MtQ2hEoFvg5/+MI1sWvQ6yQ:KOmUx3608VSx8MeS1Fvg5mLFvQRQ
Static task: static1
Behavioral task: behavioral1
Sample: 2ef96a32a575cbef0ac72b1e301112e6f82cab710167ef70a7bc0b77fda1f457.vbs
Resource: win7-20230712-en
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
todosnj4343.duckdns.org:4343
91870a25e1f
reg_key: 91870a25e1f
splitter: @!#&^%$
Targets
Target: 2ef96a32a575cbef0ac72b1e301112e6f82cab710167ef70a7bc0b77fda1f457.vbs
Size: 385KB
MD5: a640364846274e9da426b560a4df12dc
SHA1: f88328cc6f8907ab700f845542f17ccf3cd677c2
SHA256: 2ef96a32a575cbef0ac72b1e301112e6f82cab710167ef70a7bc0b77fda1f457
SHA512: bd8bbd2647a043ebf47302c538a7d09c7da7ac0c46117ce0a50a7c2a74f63203be4fe2a4547dbc38b8399acccaef7e6dac078f21bcc7fe62babb9371505937ce
SSDEEP: 3072:35XNsn1+7HLDVZeMxzakxTOvsp7zSty8NxF50hfp/TIYbdHznXmxLJIrCsS4CYuC:4n+SMxzakB2ty8NxF50hfp/TR
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Suspicious use of SetThreadContext