neshta | 3a923993e88010cc912d2784a3793855f7c362fe5e06ccb067c3dfce4155bb56 | Triage

Submit
Reports

Overview

overview

Static

static

3a923993e8...56.exe

windows7_x64

3a923993e8...56.exe

windows10-2004_x64

Sharing

General

Target

3a923993e88010cc912d2784a3793855f7c362fe5e06ccb067c3dfce4155bb56
Size

129KB
Sample

220625-dfwbgsbebk
MD5

e8c9a2905b86ab77e6a0db50ecff3c10
SHA1

ab3a02c180404722d399e671ed4b1973bc03c8ce
SHA256

3a923993e88010cc912d2784a3793855f7c362fe5e06ccb067c3dfce4155bb56
SHA512

d213916918dc973dde4df998e537bfa2f5c97e34eb5172e860f0dc12a6be2360357a8d134dbb843536362263a153e34e2f3173a997ad119c61d4359a190b8542

Score

10^/10

neshta njrat hacked evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

3a923993e88010cc912d2784a3793855f7c362fe5e06ccb067c3dfce4155bb56.exe

Resource

win7-20220414-en

neshta njrat hacked evasion persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3a923993e88010cc912d2784a3793855f7c362fe5e06ccb067c3dfce4155bb56.exe

Resource

win10v2004-20220414-en

neshta njrat hacked evasion persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

ramial.no-ip.biz:1257

Mutex

e226bbcb766435e5c6575e6b41aa5e6d

Attributes

reg_key
e226bbcb766435e5c6575e6b41aa5e6d
splitter
|'|'|

Targets

- Target
  
  3a923993e88010cc912d2784a3793855f7c362fe5e06ccb067c3dfce4155bb56
- Size
  
  129KB
- MD5
  
  e8c9a2905b86ab77e6a0db50ecff3c10
- SHA1
  
  ab3a02c180404722d399e671ed4b1973bc03c8ce
- SHA256
  
  3a923993e88010cc912d2784a3793855f7c362fe5e06ccb067c3dfce4155bb56
- SHA512
  
  d213916918dc973dde4df998e537bfa2f5c97e34eb5172e860f0dc12a6be2360357a8d134dbb843536362263a153e34e2f3173a997ad119c61d4359a190b8542
Score

10^/10

neshta njrat hacked evasion persistence spyware stealer trojan
- Detect Neshta Payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtanjrathackedevasionpersistencespywarestealertrojan

behavioral2

neshtanjrathackedevasionpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy