General
-
Target
41341421432142134.exe
-
Size
15.0MB
-
Sample
230406-sanf1sde57
-
MD5
281449b8056666050808b02aff84bc13
-
SHA1
6712e0c0a41c86ed30c0535faaf5d454a470b8ac
-
SHA256
b0f9d9830884392fa5a8b1fea1d3c7fe0f83120e3a3df86296e5f1a6ed75b760
-
SHA512
f57da91af00c5bdca4ee6bab338b16aebae4ec2ef594ec47179a4a850f203c9b79e837fb9a455ae87d42a3ef869b00c4fadbb22c6ae816bc015ad4f9814d4635
-
SSDEEP
49152:dm1B3kbWTQmYOXQB8eBVhTBUenNT9xaI/Ak3OQaa1ePdql7p3ib/fo1VOaf3sOk7:s
Static task
static1
Behavioral task
behavioral1
Sample
41341421432142134.exe
Resource
win7-20230220-en
Malware Config
Extracted
njrat
v2.0
HacKed
package-read.at.ply.gg:5552
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
-
Target
41341421432142134.exe
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-