Overview

overview

10

Static

static

10

builder #6.exe

windows7-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    builder #6.exe

  • Size

    2.5MB

  • Sample

    230702-t4lpysdc6t

  • MD5

    499091c7abf557b118b75643844121a6

  • SHA1

    13f2057bd1e4d9271ccd63c5d55e44974a3505c0

  • SHA256

    00636c896c7b9d094a21531b4d35d25b977491a1a0d0c25171b145b7ef6156e4

  • SHA512

    0e635c04538c7362acc6a40f114262e815993baa199633609893708c6404437edadceaeef3e34599c705eeed52d19d55e7c656b72c3e072da40f35596300ef87

  • SSDEEP

    49152:4ZX8rrazq8RyOdT4xC61GyNv5rn0KtX2X8SPSecV:4ZHzq+8xn1dhptXNSqXV

Score
10/10
neshtanjratyoutubepersistencespywarestealertrojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

Youtube

C2

house-induced.at.ply.gg:42235

Mutex

aa334bb4a5ba8e94fe328c2fa3c29511

Attributes
  • reg_key

    aa334bb4a5ba8e94fe328c2fa3c29511

  • splitter

    |'|'|

Targets

    • Target

      builder #6.exe

    • Size

      2.5MB

    • MD5

      499091c7abf557b118b75643844121a6

    • SHA1

      13f2057bd1e4d9271ccd63c5d55e44974a3505c0

    • SHA256

      00636c896c7b9d094a21531b4d35d25b977491a1a0d0c25171b145b7ef6156e4

    • SHA512

      0e635c04538c7362acc6a40f114262e815993baa199633609893708c6404437edadceaeef3e34599c705eeed52d19d55e7c656b72c3e072da40f35596300ef87

    • SSDEEP

      49152:4ZX8rrazq8RyOdT4xC61GyNv5rn0KtX2X8SPSecV:4ZHzq+8xn1dhptXNSqXV

    Score
    10/10
    neshtanjratyoutubepersistencespywarestealertrojan

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

1
T1042

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks