General
-
Target
2974f47de4efcbe1d9120b9559171c1ce778e74ac24fe3942571f80197b4be36
-
Size
623KB
-
Sample
220222-k95wcagcbj
-
MD5
64a169883ffe51e4983ee4c355d579cd
-
SHA1
04bee5866b3a8423b5d49d32d4b6ff215bf04f0b
-
SHA256
2974f47de4efcbe1d9120b9559171c1ce778e74ac24fe3942571f80197b4be36
-
SHA512
12114110a1c630c748a4bb323fc9c3b353859b75944b60164eb1615783accdd666eedaf3d6987992fec35942b79d742c54342a649a4ebd4b170c9afb72bc4f39
Static task
static1
Behavioral task
behavioral1
Sample
2974f47de4efcbe1d9120b9559171c1ce778e74ac24fe3942571f80197b4be36.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
2974f47de4efcbe1d9120b9559171c1ce778e74ac24fe3942571f80197b4be36.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
Russia@1961
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
127.0.0.1:5552
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
2974f47de4efcbe1d9120b9559171c1ce778e74ac24fe3942571f80197b4be36
-
Size
623KB
-
MD5
64a169883ffe51e4983ee4c355d579cd
-
SHA1
04bee5866b3a8423b5d49d32d4b6ff215bf04f0b
-
SHA256
2974f47de4efcbe1d9120b9559171c1ce778e74ac24fe3942571f80197b4be36
-
SHA512
12114110a1c630c748a4bb323fc9c3b353859b75944b60164eb1615783accdd666eedaf3d6987992fec35942b79d742c54342a649a4ebd4b170c9afb72bc4f39
-
Detect Neshta Payload
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-