neshta | f7cb6d99da2237b9ab3c2545f00aa0dc4b2dfda9cdc9c49824c65efb154e853a | Triage

Submit
Reports

Overview

overview

Static

static

f7cb6d99da...3a.exe

windows7-x64

f7cb6d99da...3a.exe

windows10-2004-x64

Sharing

General

Target

f7cb6d99da2237b9ab3c2545f00aa0dc4b2dfda9cdc9c49824c65efb154e853a
Size

1.4MB
Sample

221126-1ph4vabd8t
MD5

8365e42574d2d4d21e9442c58d14023a
SHA1

90d11f875cfd06a758b425a1c52b63bc426a77f1
SHA256

f7cb6d99da2237b9ab3c2545f00aa0dc4b2dfda9cdc9c49824c65efb154e853a
SHA512

e682ccfaca84deb03911fff659d755e34d280698ba5601702eb3b8e38a934edf8f6f5603fd591d250d749fbc84727c1e7b68116c1aa1e45a111e24609d4b10c7
SSDEEP

12288:Mls1nC+xpwcRrabrMoQ3Mls1nC+xpE05uuML+CHz7mjiuCzQl+D387h+y9PB22lG:PsnMoQ3PilNbzqMzQADs7h+EJJl

Score

10^/10

neshta njrat تشفير كلين xor evasion persistence spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f7cb6d99da2237b9ab3c2545f00aa0dc4b2dfda9cdc9c49824c65efb154e853a.exe

Resource

win7-20220812-en

neshta njrat تشفير كلين xor evasion persistence spyware trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

f7cb6d99da2237b9ab3c2545f00aa0dc4b2dfda9cdc9c49824c65efb154e853a.exe

Resource

win10v2004-20220812-en

neshta njrat evasion persistence spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

تشفير كلين xor

C2

mrhackeralisaad.ddns.net:14789

Mutex

c6fae74375b915979c7c26341c1a9e41

Attributes

reg_key
c6fae74375b915979c7c26341c1a9e41
splitter
|'|'|

Targets

- Target
  
  f7cb6d99da2237b9ab3c2545f00aa0dc4b2dfda9cdc9c49824c65efb154e853a
- Size
  
  1.4MB
- MD5
  
  8365e42574d2d4d21e9442c58d14023a
- SHA1
  
  90d11f875cfd06a758b425a1c52b63bc426a77f1
- SHA256
  
  f7cb6d99da2237b9ab3c2545f00aa0dc4b2dfda9cdc9c49824c65efb154e853a
- SHA512
  
  e682ccfaca84deb03911fff659d755e34d280698ba5601702eb3b8e38a934edf8f6f5603fd591d250d749fbc84727c1e7b68116c1aa1e45a111e24609d4b10c7
- SSDEEP
  
  12288:Mls1nC+xpwcRrabrMoQ3Mls1nC+xpE05uuML+CHz7mjiuCzQl+D387h+y9PB22lG:PsnMoQ3PilNbzqMzQADs7h+EJJl
Score

10^/10

neshta njrat تشفير كلين xor evasion persistence spyware trojan stealer
- Detect Neshta payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtanjratتشفير كلين xorevasionpersistencespywaretrojan

behavioral2

neshtanjratevasionpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy