neshta | 2024-07-09_9821ba3da5c5b5c613f2301326128a80_karagany_mafia_njrat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-09_9821ba3da5c5b5c613f2301326128a80_karagany_mafia_njrat
Size

11.7MB
MD5

9821ba3da5c5b5c613f2301326128a80
SHA1

db697dc1f545696b0b107f34933853b8d63d4849
SHA256

3d6ea37786847616ecf81f7b7bdfdd7d2c3c58da83e41588cdb12895d496d4db
SHA512

c28e93a183362efda08a678b5610f1e79a9e2f050910cbe4a0716dfcabe94c9e54186cba63bcad1817eb48dfcbe9ecd6e2e93cc16bc0eb138806369a16ecd834
SSDEEP

196608:p7bmQDIJzN0rl/RNfrOzDzRgIurg8dCMZqWlggN2M:RKQO0rl/RRSgIurgjyGgN2M

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-09_9821ba3da5c5b5c613f2301326128a80_karagany_mafia_njrat

Files

2024-07-09_9821ba3da5c5b5c613f2301326128a80_karagany_mafia_njrat
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\users\hp\documents\visual studio 2010\Projects\wow\wow\obj\x86\Debug\wow.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 546KB - Virtual size: 545KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ