General
-
Target
e81474fb03ced36f7dc529d7ceb9d114dfa3aa3bd1436fa0d595b403c0b2c715
-
Size
93KB
-
Sample
221128-ypvrjacg95
-
MD5
f65df29a59415e14d49c816ac2d7b474
-
SHA1
e622829ce029cbd1387bbcdecb417b314200b324
-
SHA256
e81474fb03ced36f7dc529d7ceb9d114dfa3aa3bd1436fa0d595b403c0b2c715
-
SHA512
6072a7b0e06f2e4a65436abe6cb688f6183b47d09af93ddb192b37a730c5a7c5997364defa0ddb27550dcf02f3cc8ca6aa709ef9cf12bbcad8b9b44db73c126e
-
SSDEEP
1536:JxqjQ+P04wsmJCQBcK/BXr7SGug9aKhG29jKvEDwrKKSz+8:sr85CQBcK/BXyGucVA29ZFKSb
Behavioral task
behavioral1
Sample
e81474fb03ced36f7dc529d7ceb9d114dfa3aa3bd1436fa0d595b403c0b2c715.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
e81474fb03ced36f7dc529d7ceb9d114dfa3aa3bd1436fa0d595b403c0b2c715.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
njrat
0.6.4
مہٰسہٰتہٰشہٰار عہۧزرأئہۧيہۧل ضہۧآغہۧطہۧهہۧمے
my90.no-ip.org:9928
8515eb34d8f9de5af815466e9715b3e5
-
reg_key
8515eb34d8f9de5af815466e9715b3e5
-
splitter
|'|'|
Targets
-
-
Target
e81474fb03ced36f7dc529d7ceb9d114dfa3aa3bd1436fa0d595b403c0b2c715
-
Detect Neshta payload
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-