General
- Target: Server.exe
- Size: 37KB
- Sample: 220708-rbwcksdbdp
- MD5: 15e266280b3caa39b7829453bd771dd5
- SHA1: 21608df44ff71e39743c3ea4d07f32e0b8726f91
- SHA256: 5b275162c06c33d6601928193bb6bd880dd8e027cce78960b56ac69bd4376d27
- SHA512: ada46e2a0df5662f591f896b3e0a90a6ec94788461d6d5052dee6d86b2fa26f9b84e7be6083844d3c234e717238bb8ea55ad9611846be9649f984fe9d2a1378a
Malware Config
Extracted
- njrat
- im523
- лох
- 4.tcp.eu.ngrok.io:17082
- 3984571c29abcb362efb9e7c55ff9960
- reg_key: 3984571c29abcb362efb9e7c55ff9960
- splitter: |'|'|
Targets
- Target: Server.exe
- Size: 37KB
- Hashes: identical to those listed under General above
- Detect Neshta payload
- Modifies system executable filetype association
- Neshta: malware from the Neshta family injects itself into other files in order to spread and cause damage.
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
- suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
- suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Process Listing)
- suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Remote Desktop)
- suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Get Passwords)
- suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Remote Desktop)
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Installed Components in the registry
- Modifies Windows Firewall
- Drops startup file
- Loads dropped DLL
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.