General
-
Target
dangggg.exe
-
Size
15.0MB
-
Sample
230406-sbwh1sde64
-
MD5
f0e8fb56bb2205e5ff21e029a1ab578e
-
SHA1
a6591c3137bf41de178e7c25ea12cb40c1d0d332
-
SHA256
5553c3a87005846608217c73fd355deba05cc011d404c5ac23c66ebec970897a
-
SHA512
d3c2b6748e083ee288c02d40bd7a778a8de74eecbd6193f17a488508a62f079905d6bf2becb30aa2d905a2f4094e5f35f86a9e3ccaa716e481a75b5d0f3bdee6
-
SSDEEP
49152:dS1B3kbWTQmYOXQB8eBVhTBUenNT9xaI/Ak3OQaa1ePdql7p3ib/fo1VOaf3sOk7:4
Static task
static1
Behavioral task
behavioral1
Sample
dangggg.exe
Resource
win7-20230220-en
Malware Config
Extracted
njrat
v2.0
HacKed
package-read.at.ply.gg:27014
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread and cause damage.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-