General
-
Target
BOLETA DE CITACION FISCALIA GENERAL DE LA NACION RADICADO PROCESO #202496-6623600265-9595982-9662256-PDF.vbs.bin
-
Size
68KB
-
Sample
240306-vrge5sdc59
-
MD5
22fb4ae301cb2b4618847ee53a6d3693
-
SHA1
a3f3655b77350aa3a5bb91bb25dbc80003a71c4a
-
SHA256
294a3fdbf3eb9afe824f13ff046eb42b6b683fbcc5e764c4cec481b0cab12b2f
-
SHA512
cc3f7d300722300c3a009fad42e05c8bf3e045f3a7ab9973bd69a1a7d79a230201a9a6ed75a647900c3b8770bea6abf44c41208c6d3b98befb890ca955372a98
-
SSDEEP
1536:zcflVRFy4/y4HaUcNb0xq/K4HVWx525y4Twop0Irb5JmKU6VQ303:QBFy4/y4HR+p0IJJmi3
Static task
static1
Behavioral task
behavioral1
Sample
BOLETA DE CITACION FISCALIA GENERAL DE LA NACION RADICADO PROCESO #202496-6623600265-9595982-9662256-PDF.vbs
Resource
win10v2004-20240226-en
Behavioral task
behavioral2
Sample
BOLETA DE CITACION FISCALIA GENERAL DE LA NACION RADICADO PROCESO #202496-6623600265-9595982-9662256-PDF.vbs
Resource
win11-20240221-en
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
junio2023.duckdns.org:3333
7952b2688d
-
reg_key
7952b2688d
-
splitter
@!#&^%$
Targets
Target
BOLETA DE CITACION FISCALIA GENERAL DE LA NACION RADICADO PROCESO #202496-6623600265-9595982-9662256-PDF.vbs.bin
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-