General
-
Target
bb7fbf7dfd559af71db3c355d97214d26d2098f69ae959303184c534dd059c44
-
Size
110KB
-
Sample
220524-1m879ahbc9
-
MD5
c9d0eece004f12a6a018b45cb1f3a436
-
SHA1
ae37507040318d5e686ed3684caf26aa1d7c554d
-
SHA256
bb7fbf7dfd559af71db3c355d97214d26d2098f69ae959303184c534dd059c44
-
SHA512
f1765d0f16bf34cf118c7a85af8dd80ec6a80044e5ad85ce422dd241488fa74b3cedb98cdc7a529b099b3c6cc91c08d31e2312205c67ea2c55dde91e80926f54
Static task
static1
Behavioral task
behavioral1
Sample
bb7fbf7dfd559af71db3c355d97214d26d2098f69ae959303184c534dd059c44.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
0.6.4
HacKed
45.134.220.164:9797
5f805e177fa7c673482c92c255460b67
-
reg_key
5f805e177fa7c673482c92c255460b67
-
splitter
|'|'|
Targets
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, block at first sight, etc.
-
Detect Neshta Payload
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-