General
-
Target
7H2B1N27_PAYMENT_RECEIPT.vbs
-
Size
2KB
-
Sample
220105-j9ll2aaba5
-
MD5
1cf9e3a75322042644a95e4d9eb359bc
-
SHA1
27469cadb09a071e5ee98e6a6492bf1ee16bd170
-
SHA256
7ad872e2d279268cc3107a90337b4beb3be0fc888668d60e6995d64b8955b2e6
-
SHA512
a97d371a84e9ec64821022d64439ac6b04befe0fc2b4231b721450cbc12d70cc3232a53df936a4158e8c5e380c66ef6d1dff66aff4c0b5909652b3dc4f7a41ad
Static task
static1
Behavioral task
behavioral1
Sample
7H2B1N27_PAYMENT_RECEIPT.vbs
Resource
win7-en-20211208
Malware Config
Extracted
https://transfer.sh/get/BKC469/HHHHHHHHHHHHHHHH.txt
Extracted
njrat
1.9
HacKed
Microsoft.Exe
-
reg_key
Microsoft.Exe
Targets
-
Detect Neshta Payload
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Blocklisted process makes network request
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-