General
-
Target
Archivo_pdf_01452.vbs
-
Size
160KB
-
Sample
240129-y3le1sbdhj
-
MD5
556f33bc86b31d10d6402419d4747da6
-
SHA1
7a2d9e7371a450ef24b7b3d2c411a642120e00bb
-
SHA256
6943f56deaff3c7592b3fb12b1bf899244db6c22e4883fc8e16481d8fff1ace9
-
SHA512
9008001899ab614a3ef1402cc029a87fc9e31e630a78156dcbf439a34819252522e447407c6a9d1487a3b63d9db3e3346461a0e5ca75cca2bc3583e5dd78d151
-
SSDEEP
3072:1EYIx9r31rZWX13II19LYc0DF1E0NPP98M7cshETkPGlQf+XXjzo:G1x9r31rZWX13II19LYc0DF1E0NPP98w
Static task
static1
Behavioral task
behavioral1
Sample
Archivo_pdf_01452.vbs
Resource
win7-20231129-en
Malware Config
Extracted
https://wallpapercave.com/uwp/uwp4241942.png
Extracted
njrat
0.7NC
NYAN CAT
adminash.duckdns.org:5552
7e96608a8e474692
-
reg_key
7e96608a8e474692
-
splitter
@!#&^%$
Targets
-
-
Target
Archivo_pdf_01452.vbs
-
Detect ZGRat V1
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-