General
-
Target
0x000800000001230b-80.dat
-
Size
133KB
-
Sample
230314-g8qhgsdh42
-
MD5
44affd0d82f9b8ef809053dba991a14a
-
SHA1
e63398e4b374ffc20a0d3fea78dac657bd49f6de
-
SHA256
d05edda2b7c085bbed3d5be4ba7b0dc00e807dfdcdcb67a30c9e24f96fed857b
-
SHA512
703a8da05add8c126f1b95808226021d572156b3b5e1ef7f2da0414535ec40953cd3656f060faba40c62811aa2189d396e130bcfccc42bc9b116ff2e3d96d049
-
SSDEEP
1536:JxqjQ+P04wsmJCSOojEwzGi1dD6DOgS4ygmlbrq+1NTZg:sr85CSOZi1dMzHynrq+1NTK
Behavioral task
behavioral1
Sample
0x000800000001230b-80.exe
Resource
win7-20230220-en
Malware Config
Extracted
njrat
0.7d
HacKed
Ni50Y3AuZXUubmdyb2suaW8Strik:MTA3MTI=
9dd06b690cd90c449e471e22f62d779d
-
reg_key
9dd06b690cd90c449e471e22f62d779d
-
splitter
|'|'|
Targets
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread and cause damage.
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-