General
Target: иуеr.exe
Size: 25KB
Sample: 220522-wxnbbaagf6
MD5: ae72c198c0825712f203e258571c0e87
SHA1: 066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA256: 7237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512: a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
Static task: static1

Malware Config
Extracted: wannacry
- Path: C:\Users\Admin\AppData\Local\Temp\3582-490\@Please_Read_Me@.txt
- Family: wannacry
- Wallet: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Extracted: njrat
- Version: Njrat 0.7 Golden By Hassan Amiri
- Botnet: gay
- C2: 7.tcp.eu.ngrok.io:14345
- Mutex: Windows Update
- reg_key: Windows Update
- splitter: |Hassan|
Targets
Target: иуеr.exe (25KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
- Detect Neshta Payload
- Modifies system executable filetype association
- Neshta: malware from the Neshta family infects other executable files in order to spread and cause damage.
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
- Executes dropped EXE
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
MITRE ATT&CK Matrix (ATT&CK v6)
Persistence
- Change Default File Association (1)
- Registry Run Keys / Startup Folder (1)
- Scheduled Task (1)
- Hidden Files and Directories (1)
Defense Evasion
- Modify Registry (5)
- File Deletion (2)
- File Permissions Modification (1)
- Hidden Files and Directories (1)