General
-
Target
721216f6098893f78ccb62cff66865d99574bb84037ba362dc34d1701c998aa7
-
Size
219KB
-
Sample
221126-r6apcsef8s
-
MD5
59dc3967141ca52cb7ca453e49466c2c
-
SHA1
1e8b462485397258d714de677bb51c39c0ad71bd
-
SHA256
721216f6098893f78ccb62cff66865d99574bb84037ba362dc34d1701c998aa7
-
SHA512
1dc35f36cdc9ba324dbe2111a184e8c32f8028f0e64b70632d0b3cb335067425540ea2e6d8277952210b59b5fa9895409061dfb79a51bc73bf5d0aa5935ac81f
-
SSDEEP
3072:y07eXGQEShPWt1/2Rxvbd44G2vt2e+AVCm+QKNFknJG39OsTh3m28LWv1:8GtSVO1+RVhG8keXv2K/K
Malware Config
Extracted
njrat
0.6.4
غروف الثالث
wwee222.zapto.org:443
d5a38e9b5f206c41f8851bf04a251d26
-
reg_key
d5a38e9b5f206c41f8851bf04a251d26
-
splitter
|'|'|
Targets
-
-
Target
721216f6098893f78ccb62cff66865d99574bb84037ba362dc34d1701c998aa7
-
Size
219KB
-
MD5
59dc3967141ca52cb7ca453e49466c2c
-
SHA1
1e8b462485397258d714de677bb51c39c0ad71bd
-
SHA256
721216f6098893f78ccb62cff66865d99574bb84037ba362dc34d1701c998aa7
-
SHA512
1dc35f36cdc9ba324dbe2111a184e8c32f8028f0e64b70632d0b3cb335067425540ea2e6d8277952210b59b5fa9895409061dfb79a51bc73bf5d0aa5935ac81f
-
SSDEEP
3072:y07eXGQEShPWt1/2Rxvbd44G2vt2e+AVCm+QKNFknJG39OsTh3m28LWv1:8GtSVO1+RVhG8keXv2K/K
Score10/10-
Detect Neshta payload
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-