General
-
Target
902097F4EC380243ED8F72D31297F81C9E99495A66D0B.exe
-
Size
726KB
-
Sample
230314-g663fsga3y
-
MD5
72c37e7b272b24d47d59d7b269e7a56e
-
SHA1
b3d9fbc7bd64ead22b08429a6222f172ea288a88
-
SHA256
902097f4ec380243ed8f72d31297f81c9e99495a66d0bfb550fcdc753b7590c4
-
SHA512
0c0592b3aaceaf4df444bfaad8c356ac02b894df62c3acd5579a2e94d8dd41b314358c888ecc459139e137688df27d48e4632f92987129fc8dc1f4ac7f3e360e
-
SSDEEP
12288:PToPWBv/cpGrU3ywnmKUxBxOC+kye9SI4zJEeG5KI2YtWyBAV:PTbBv5rUXmKoaC+fzGemKI2qc
Static task
static1
Behavioral task
behavioral1
Sample
902097F4EC380243ED8F72D31297F81C9E99495A66D0B.exe
Resource
win7-20230220-en
Malware Config
Extracted
njrat
0.7d
HacKed
Ni50Y3AuZXUubmdyb2suaW8Strik:MTA3MTI=
9dd06b690cd90c449e471e22f62d779d
-
reg_key
9dd06b690cd90c449e471e22f62d779d
-
splitter
|'|'|
Targets
-
-
Target
902097F4EC380243ED8F72D31297F81C9E99495A66D0B.exe
-
Detect Neshta payload
-
Modifies WinLogon for persistence
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Drops file in System32 directory
-