General
-
Target
server.exe
-
Size
149KB
-
Sample
240911-t283ga1flc
-
MD5
6f2e1c1cb75be2e41c2e584ad9519185
-
SHA1
091930c27a0515907848c3ff639f3f9342584e26
-
SHA256
540a9949b24402819b69c2e701ac9a28d8a1f2e6c58fbf7abc63bbc1dc5ce53d
-
SHA512
6c8fc29b79b273785edecefd4fb6f314e9b6780e7c6a7616ff954cab7a1faf47cc5eab2ebdd9df536da45425c9f0249e98a6bda8e65ed5f591de706d82d55a70
-
SSDEEP
1536:JxqjQ+P04wsmJCDcQlwJdMgxHJaAoHoc2x7bZoYBMHJaAoHoc2x7bZoYBS:sr85CDkPJQITxyYoQITxyY0
Malware Config
Targets
-
-
Target
server.exe
-
Size
149KB
-
MD5
6f2e1c1cb75be2e41c2e584ad9519185
-
SHA1
091930c27a0515907848c3ff639f3f9342584e26
-
SHA256
540a9949b24402819b69c2e701ac9a28d8a1f2e6c58fbf7abc63bbc1dc5ce53d
-
SHA512
6c8fc29b79b273785edecefd4fb6f314e9b6780e7c6a7616ff954cab7a1faf47cc5eab2ebdd9df536da45425c9f0249e98a6bda8e65ed5f591de706d82d55a70
-
SSDEEP
1536:JxqjQ+P04wsmJCDcQlwJdMgxHJaAoHoc2x7bZoYBMHJaAoHoc2x7bZoYBS:sr85CDkPJQITxyYoQITxyY0
Score10/10-
Detect Neshta payload
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
RunningRat
RunningRat is a remote access trojan first seen in 2018.
-
RunningRat payload
-
Server Software Component: Terminal Services DLL
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory
-