General

Target: c07598299d2d73883f23a3585740bca427eb733579c4a0fe2280593d116896f1
Size: 271B
Sample: 240502-qt931sca88
MD5: b9acaac18eee9b5cde0c6defbe2c1caa
SHA1: 6f8cb34d61f9136e96345684846edf49dfa976bc
SHA256: c07598299d2d73883f23a3585740bca427eb733579c4a0fe2280593d116896f1
SHA512: 70c8b3742c98e1daf2c7fda40c992621c2250a9dac648c4798370697f5688e1883162079909dd245a33fc064a843a94f84c7399b99bae9b6418a47b3c5e75e12

Static task: static1
Behavioral task: behavioral1
Sample: c07598299d2d73883f23a3585740bca427eb733579c4a0fe2280593d116896f1.vbs
Resource: win7-20240220-en

Malware Config

Extracted (URL):
- https://firebasestorage.googleapis.com/v0/b/prog-622b7.appspot.com/o/SidM.jpg?alt=media&token=53ed6ff5-09e0-4464-a19c-f0e9d9c6cec8

Extracted (URLs):
- https://firebasestorage.googleapis.com/v0/b/prog-622b7.appspot.com/o/Ssid.jpg?alt=media&token=10629c63-3c23-437a-9543-4f9dcee695bb
- https://firebasestorage.googleapis.com/v0/b/prog-622b7.appspot.com/o/Rnew.jpg?alt=media&token=d68ad7e3-80ed-4083-ad53-8af401c5b503

Extracted (njrat config):
- Family: njrat
- Version: 0.7d
- H
- splitter: |'|'|
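The splitter value in the njrat config is the delimiter the RAT places between fields inside each C2 message, so it is the one piece of this config that shows up directly on the wire. The following is an added example, not code from this report or from the sandbox, that parses njRAT-style frames using the splitter extracted from this sample. The length-NUL-payload framing is njRAT's usual wire format; the sample traffic is constructed here, and the message names (ll, act), the base64 second field and the host name in it are illustrative assumptions, not values taken from the report.

```python
# Added example: parse njRAT-style C2 frames with the splitter extracted above.
# Not code from this report or from the sandbox; the sample traffic is constructed.
import base64
import re

# Field delimiter extracted from this sample's njrat config.
SPLITTER = "|'|'|"

# njRAT writes each C2 message as "<decimal payload length>\x00<payload>" and
# joins the fields inside the payload with the splitter.
_FRAME_HEADER = re.compile(rb"^(\d{1,8})\x00")


def build_frame(fields, splitter=SPLITTER):
    """Encode a list of string fields as one njRAT-style frame (used here only
    to construct sample traffic)."""
    payload = splitter.join(fields).encode("utf-8")
    return str(len(payload)).encode("ascii") + b"\x00" + payload


def parse_frame(buf, splitter=SPLITTER):
    """Return (fields, rest). fields is None when buf does not start with a
    complete frame, in which case rest is buf unchanged (wait for more data)."""
    m = _FRAME_HEADER.match(buf)
    if m is None:
        return None, buf
    length = int(m.group(1))
    start = m.end()
    if len(buf) < start + length:
        return None, buf
    payload = buf[start:start + length]
    fields = payload.decode("utf-8", errors="replace").split(splitter)
    return fields, buf[start + length:]


def parse_stream(buf, splitter=SPLITTER):
    """Split a reassembled TCP payload into every complete frame it holds;
    a trailing partial frame is left unparsed."""
    frames = []
    while buf:
        fields, buf = parse_frame(buf, splitter)
        if fields is None:
            break
        frames.append(fields)
    return frames


def looks_like_njrat_login(fields):
    """Heuristic for the first beacon: njRAT's login message starts with the
    command 'll' and carries a base64 victim identifier in the second field.
    Treating those two positions as fixed is an assumption of this example."""
    if len(fields) < 3 or fields[0] != "ll":
        return False
    try:
        base64.b64decode(fields[1], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return True


# Constructed sample stream: a login beacon, a second unrelated frame, and a
# truncated third frame. Host name, user and identifier are made up.
SAMPLE_STREAM = (
    build_frame(["ll", base64.b64encode(b"HWID_EXAMPLE").decode(),
                 "DESKTOP-EXAMPLE", "user"])
    + build_frame(["act", "Untitled - Notepad"])
    + b"40\x00ll|'|'|trunc"
)


def extract_beacons(buf=SAMPLE_STREAM, splitter=SPLITTER):
    """Return the parsed frames and, per frame, whether it looks like a login."""
    frames = parse_stream(buf, splitter)
    return frames, [looks_like_njrat_login(f) for f in frames]


if __name__ == "__main__":
    for fields, is_login in zip(*extract_beacons()):
        print("login" if is_login else "other", fields)
```

Feeding the parser a reassembled TCP stream rather than single packets matters: the length header is the only framing, so a beacon split across segments parses only once the full payload has arrived, which the partial third frame in the sample shows.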
Targets

Target: c07598299d2d73883f23a3585740bca427eb733579c4a0fe2280593d116896f1 (271B; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures

- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Suspicious use of SetThreadContext