General
-
Target
Server.exe
-
Size
37KB
-
Sample
220708-mynh2adhf9
-
MD5
af1c7927e6716fd75f9b157df21b417f
-
SHA1
404a3d5822f81a44223291da4b036094a7d8c9de
-
SHA256
fc1715a230a6a8edab55ae8222d4ac535974076f9247aae90b7faab18d0afc9d
-
SHA512
ac78a480904fef8bd4ee3dc4a23710fef1dc63ced991452b8b2734c5969ede615e69f238666a6039d1473901893994d207218dea7741cd418dbf87213f173b52
Malware Config
Extracted
njrat
im523
HacKed
4.tcp.eu.ngrok.io:10256
3e83b49e1c07ada2a187c8551629a511
-
reg_key
3e83b49e1c07ada2a187c8551629a511
-
splitter
|'|'|
Targets
-
Target
Server.exe
-
Detect Neshta payload
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is a file infector: it inserts itself into other files in order to spread and cause damage.
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
-
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (File Manager Actions)
-
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Process Listing)
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-