darkcomet | 91298665d8b5a232fe2716e2c8157e966818a8d607bdb2278e8a44a9466e9390 | Triage

Submit
Reports

Overview

overview

Static

static

NjRat 0.7D...on.exe

windows7_x64

Sharing

General

Target

NjRat 0.7D Danger Edition.exe
Size

7.9MB
Sample

220614-kkbafahah8
MD5

3f859b5022a581366df79bfa29300718
SHA1

af42979047b440f08284247a3c17e4b702985655
SHA256

91298665d8b5a232fe2716e2c8157e966818a8d607bdb2278e8a44a9466e9390
SHA512

3ccf088579a7f623d80a58fc93ba51d14d7024406984cb43cf1b59d5ef468612c683aa74b63741a7820a925e875ae7ec76ab2fbbbee5b2a521110e70a938956a

Score

10^/10

darkcomet neshta njrat mediaget persistence rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

NjRat 0.7D Danger Edition.exe

Resource

win7-20220414-en

darkcomet neshta njrat mediaget persistence rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MediaGet

C2

OTFRANSESCOuOTkuFRANSESCOTA0Ljk2:MTc1MjQ=

Mutex

e16ca4b3ba16d929041c508a1cd98a13

Attributes

reg_key
e16ca4b3ba16d929041c508a1cd98a13
splitter
|'|'|

Targets

- Target
  
  NjRat 0.7D Danger Edition.exe
- Size
  
  7.9MB
- MD5
  
  3f859b5022a581366df79bfa29300718
- SHA1
  
  af42979047b440f08284247a3c17e4b702985655
- SHA256
  
  91298665d8b5a232fe2716e2c8157e966818a8d607bdb2278e8a44a9466e9390
- SHA512
  
  3ccf088579a7f623d80a58fc93ba51d14d7024406984cb43cf1b59d5ef468612c683aa74b63741a7820a925e875ae7ec76ab2fbbbee5b2a521110e70a938956a
Score

10^/10

darkcomet neshta njrat mediaget persistence rat spyware stealer trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Detect Neshta Payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometneshtanjratmediagetpersistenceratspywarestealertrojan

© 2018-2024

Terms | Privacy