General
Target: Borderlands (2022).exe
Size: 37KB
Sample: 220711-rpf5taccd7
MD5: b78746acb5c3af8c10788e2153e8ce19
SHA1: 2bf9764b7ed5f7af6173fa59ebf32117259d9d7c
SHA256: ba3898beba687bd7ecd81954d5214b6c44f15b2efc4075e8012228f8f35b83c1
SHA512: bad7b677bfd4fb6df5ef59f9062bbbb171ad7873fa0a3f27e8f938d68da9dc13d38c7ec9fd85989625fa615868cd2297d91603aca91e3c9103369712734bcca9
Malware Config
Extracted: njrat
im523
Лошок
194.71.126.120:17954
13d65a76848c880b980676c6c1cc6341
reg_key: 13d65a76848c880b980676c6c1cc6341
splitter: |'|'|
Targets
Detect Neshta payload
Modifies system executable filetype association
Neshta
  Malware from the Neshta family infects other executable files in order to spread and cause damage.
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Process Listing)
ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
Disables Task Manager via registry modification
Executes dropped EXE
Modifies Windows Firewall
Drops startup file
Loads dropped DLL
Adds Run key to start application