General

Target: 9141e24b1d0d86eb68a9cc1cde0e845e7d7130b4e53fce9cff229eb214512683.rar
Size: 17KB
Sample: 240130-neacqsegg6
MD5: 7540661c1ec20c127e384c0ec87059b5
SHA1: 42c0c16e35e047566d33d327973149b1253ead69
SHA256: 9141e24b1d0d86eb68a9cc1cde0e845e7d7130b4e53fce9cff229eb214512683
SHA512: 25e5cf3c4fefec796165c671d00f75137e347dc24e6618b000b569cb0d952c8d4359b8280bcdc541ac86acc6973ae1980ae6b459a916c38d46c26819a70efdc9
SSDEEP: 384:OwokiBZvjU+bmXSR6QhlmIv1rXpl7SWzIWCTqi/2i4B158Z5W+q1n32:Zo9U+bYSR64QIvFX0WCTqi547+inm
Static task: static1

Behavioral task: behavioral1
  Sample: 9141e24b1d0d86eb68a9cc1cde0e845e7d7130b4e53fce9cff229eb214512683.rar
  Resource: win7-20231215-en

Behavioral task: behavioral2
  Sample: 9141e24b1d0d86eb68a9cc1cde0e845e7d7130b4e53fce9cff229eb214512683.rar
  Resource: win10v2004-20231215-en

Behavioral task: behavioral3
  Sample: Archivo_pdf_01452.vbs
  Resource: win7-20231215-en

Behavioral task: behavioral4
  Sample: Archivo_pdf_01452.vbs
  Resource: win10v2004-20231215-en
Malware Config

Extracted
  URL: https://wallpapercave.com/uwp/uwp4241942.png
Extracted
  Family: njrat
  Version: 0.7NC
  Botnet: NYAN CAT
  C2: adminash.duckdns.org:5552
  Mutex: 7e96608a8e474692
  reg_key: 7e96608a8e474692
  splitter: @!#&^%$
Targets

Target: 9141e24b1d0d86eb68a9cc1cde0e845e7d7130b4e53fce9cff229eb214512683.rar
Size: 17KB
MD5: 7540661c1ec20c127e384c0ec87059b5
SHA1: 42c0c16e35e047566d33d327973149b1253ead69
SHA256: 9141e24b1d0d86eb68a9cc1cde0e845e7d7130b4e53fce9cff229eb214512683
SHA512: 25e5cf3c4fefec796165c671d00f75137e347dc24e6618b000b569cb0d952c8d4359b8280bcdc541ac86acc6973ae1980ae6b459a916c38d46c26819a70efdc9
SSDEEP: 384:OwokiBZvjU+bmXSR6QhlmIv1rXpl7SWzIWCTqi/2i4B158Z5W+q1n32:Zo9U+bYSR64QIvFX0WCTqi547+inm
Score: 7/10

Signatures:
  Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Target: Archivo_pdf_01452.vbs
Size: 160KB
MD5: 556f33bc86b31d10d6402419d4747da6
SHA1: 7a2d9e7371a450ef24b7b3d2c411a642120e00bb
SHA256: 6943f56deaff3c7592b3fb12b1bf899244db6c22e4883fc8e16481d8fff1ace9
SHA512: 9008001899ab614a3ef1402cc029a87fc9e31e630a78156dcbf439a34819252522e447407c6a9d1487a3b63d9db3e3346461a0e5ca75cca2bc3583e5dd78d151
SSDEEP: 3072:1EYIx9r31rZWX13II19LYc0DF1E0NPP98M7cshETkPGlQf+XXjzo:G1x9r31rZWX13II19LYc0DF1E0NPP98w
Score: 10/10

Signatures:
  Blocklisted process makes network request
  Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
  Adds Run key to start application
  Suspicious use of SetThreadContext