Extracted

Extracted

Extracted

• • Target

    attach.pdf/EncriptadoOOKK50.vbs

  • Size

    8.5MB

  • MD5

    fe73937416b78fff5aabab8506b32f60

  • SHA1

    c87bb9695995735f37b46d10db49c0e75deaa26d

  • SHA256

    a937e59c4e8f66f9c60c5725fa85bbd71e3a8fc32ade529ec7620ed81dd1126e

  • SHA512

    231cdeed56ff52c687aba8ae417232402d09535256f68c964e4f503d0b9fb806fbc909dc6afb82f492c29887d74df9676f03913600024d5a8856737d5304e9c2

  • SSDEEP

    768:lm+m+m+m+m+m+m+m+m+m+m+m+m+m+m+m+m+m+m+m+m+m+m+m+m+m+m+m+m+m+m++:Q7kwA6P

  Score

  10^/10

  njratnyan catdefense_evasiondiscoveryexecutionpersistencetrojan

  • Njrat family

    njrat

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Adds Run key to start application

    persistence

  • Hide Artifacts: Hidden Window

    Windows that would typically be displayed when an application carries out an operation can be hidden.

    defense_evasion

  • Suspicious use of SetThreadContext

  behavioral1