General

  • Target: 41341421432142134.exe
  • Size: 15.0MB
  • Sample: 230406-sanf1sde57
  • MD5: 281449b8056666050808b02aff84bc13
  • SHA1: 6712e0c0a41c86ed30c0535faaf5d454a470b8ac
  • SHA256: b0f9d9830884392fa5a8b1fea1d3c7fe0f83120e3a3df86296e5f1a6ed75b760
  • SHA512: f57da91af00c5bdca4ee6bab338b16aebae4ec2ef594ec47179a4a850f203c9b79e837fb9a455ae87d42a3ef869b00c4fadbb22c6ae816bc015ad4f9814d4635
  • SSDEEP: 49152:dm1B3kbWTQmYOXQB8eBVhTBUenNT9xaI/Ak3OQaa1ePdql7p3ib/fo1VOaf3sOk7:s

Malware Config

Extracted

  • Family: njrat
  • Version: v2.0
  • Botnet: HacKed
  • C2: package-read.at.ply.gg:5552
  • Mutex: Windows
  • Attributes
      • reg_key: Windows
      • splitter: |-F-|

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family injects itself into other executable files in order to spread and cause damage.

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Persistence

  • Registry Run Keys / Startup Folder, T1060 (1)
  • Hidden Files and Directories, T1158 (1)

Defense Evasion

  • Modify Registry, T1112 (1)
  • Hidden Files and Directories, T1158 (1)

Discovery

  • Query Registry, T1012 (1)
  • System Information Discovery, T1082 (2)

Tasks