General
-
Target
3131321312313.exe
-
Size
15.0MB
-
Sample
230407-v4n1rahh64
-
MD5
504211aeace6ca8f70cc00a3215bda05
-
SHA1
502d5280f10f867627ed24e5dc297c3a5badcc28
-
SHA256
98191390feded2c9b9bea4acfc3782067624502a702e4929ab3967e1e5cc47ae
-
SHA512
cec60bfe8c941b18d32f6493ab1c2b784143e39577e4e5e33ecb75ba8412ff34f5e49da880c5a8482e4b30b7ed6ff095d160bf28b4866fdd1422bf2b224c6501
-
SSDEEP
49152:dz1B3kbWTQmYOXQB8eBVhTBUenNT9xaI/Ak3OQaa1ePdql7p3ib/fo1VOaf3sOk7:B
Static task
static1
Behavioral task
behavioral1
Sample
3131321312313.exe
Resource
win7-20230220-en
Malware Config
Extracted
njrat
v2.0
HacKed
there-carol.at.ply.gg:5855
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-