General
Target: e47a6e0f33fb40a39911e4bd2a187f5686962867b8f5c5645c23090fa2855b53N.exe
Size: 5.2MB
Sample: 241206-ktmptszjdy
MD5: 4786e70687f230ac3d08946bd3b08540
SHA1: bcc4228899c875d3444be0830b5e4bdd5d9b096a
SHA256: e47a6e0f33fb40a39911e4bd2a187f5686962867b8f5c5645c23090fa2855b53
SHA512: 2719b5bb5d5797b530463e0e132496a224ea061fc897c66779037214c5e63c5b1a7df3422c1e6f9ddd2101cacda344e013b2c11ae078ec4bd8ea22332a213486
SSDEEP: 98304:P1hAmoqJW0jB4vmdRQcYduvjhK4OQyyuz/21wH8LHd/F902scBcwucGeR7:NemFM0jB4v+zfjhFO+mH8L9/F7fbuc
Behavioral tasks
behavioral1: sample e47a6e0f33fb40a39911e4bd2a187f5686962867b8f5c5645c23090fa2855b53N.exe, resource win7-20241010-en
behavioral2: sample e47a6e0f33fb40a39911e4bd2a187f5686962867b8f5c5645c23090fa2855b53N.exe, resource win10v2004-20241007-en
Malware Config
Extracted: njrat
Version: im523
Campaign ID: ReZero
C2: web-authentication.gl.at.ply.gg:23352
Mutex: 0bed19877875a0f3385bb55897b96af0 (left unlabeled in the report; same value as reg_key)
reg_key: 0bed19877875a0f3385bb55897b96af0
splitter: |'|'|
Note: *.gl.at.ply.gg hostnames belong to the playit.gg tunnelling service, so the address this name resolves to is the tunnel provider's, not the operator's. Hunt or block on the hostname and port, not on the resolved IP.
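The splitter above is the field delimiter inside njRAT's C2 messages, which is what a network decoder keys on. The following Python decoder is an added example, not code from the report or the sample: it reassembles messages from a TCP stream using that splitter and handles reads that split a message. The length-prefix framing (`<decimal length>\x00<payload>`), the `ll` registration verb and every field value in the sample traffic are assumptions drawn from njRAT's known protocol and constructed here; the page documents only the splitter, host and port.

```python
"""Decode njRAT C2 framing using the splitter extracted from this sample."""
from dataclasses import dataclass, field

# From the extracted configuration on this page.
C2_HOST = "web-authentication.gl.at.ply.gg"
C2_PORT = 23352
SPLITTER = b"|'|'|"


def frame(*fields: str) -> bytes:
    """Build one message: '<decimal payload length>\\x00<fields joined by SPLITTER>'.

    The length-prefix framing is njRAT's known wire format and is an assumption here;
    the report itself documents only the splitter."""
    payload = SPLITTER.join(f.encode("utf-8") for f in fields)
    return str(len(payload)).encode("ascii") + b"\x00" + payload


@dataclass
class NjratStream:
    """Incremental decoder for one direction of a TCP session (tolerates split reads)."""
    buf: bytes = b""
    messages: list = field(default_factory=list)

    def feed(self, data: bytes) -> list:
        """Append received bytes; return the complete messages decoded from the buffer."""
        self.buf += data
        out = []
        while True:
            nul = self.buf.find(b"\x00")
            if nul < 0:
                break  # length header not complete yet
            header = self.buf[:nul]
            if not header.isdigit():
                raise ValueError(f"not njRAT framing: {header[:16]!r}")
            end = nul + 1 + int(header)
            if len(self.buf) < end:
                break  # payload still arriving; keep buffering
            payload = self.buf[nul + 1:end]
            self.buf = self.buf[end:]
            out.append([f.decode("utf-8", "replace") for f in payload.split(SPLITTER)])
        self.messages.extend(out)
        return out


def demo() -> list:
    """Constructed sample traffic delivered in two reads that split the first message."""
    # 'll' is the registration verb; the field layout after it is illustrative only.
    reg = frame("ll", "0bed19877875a0f3385bb55897b96af0", "WIN-LAB01", "user")
    wire = reg + frame("ping")
    stream = NjratStream()
    got = stream.feed(wire[:10])   # header plus a few payload bytes: nothing complete yet
    got += stream.feed(wire[10:])  # remainder completes both messages
    return got


if __name__ == "__main__":
    for msg in demo():
        print(msg)
```

The same split-on-splitter logic is what a Suricata Lua script or a Zeek analyzer would apply per connection; the numeric header followed by a NUL is a stronger framing check than the delimiter alone, which can appear in unrelated text.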
Extracted: metasploit
Encoder: encoder/shikata_ga_nai
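shikata_ga_nai is Metasploit's polymorphic XOR encoder with additive feedback: each dword of the payload is XORed with a running key, and the key is then advanced by the decoded dword, so the same payload produces a different byte stream under every key while the first ciphertext dword still leaks the key to anyone who knows the first plaintext dword. The Python model below is an added example, not Metasploit's encoder or decoder stub; the xor-then-add ordering is an assumption about the stub variant (real stubs permute it), and the sample payload bytes and keys are constructed.

```python
"""Model of the additive-feedback XOR scheme behind Metasploit's shikata_ga_nai."""
import struct

MASK = 0xFFFFFFFF


def sgn_encode(plain: bytes, key: int) -> bytes:
    """XOR each little-endian dword with the running key, then advance the key by the
    plaintext dword (the feedback). Ordering is an assumption; stubs vary it."""
    if len(plain) % 4:
        raise ValueError("payload must be dword-aligned")
    out = bytearray()
    k = key & MASK
    for (p,) in struct.iter_unpack("<I", plain):
        out += struct.pack("<I", p ^ k)
        k = (k + p) & MASK
    return bytes(out)


def sgn_decode(blob: bytes, key: int) -> bytes:
    """Inverse of sgn_encode: what the decoder stub does in memory at run time."""
    if len(blob) % 4:
        raise ValueError("blob must be dword-aligned")
    out = bytearray()
    k = key & MASK
    for (c,) in struct.iter_unpack("<I", blob):
        p = c ^ k
        out += struct.pack("<I", p)
        k = (k + p) & MASK
    return bytes(out)


def recover_key(blob: bytes, known_prefix: bytes) -> int:
    """Known-plaintext attack: the first dword gives the key directly (c0 ^ p0)."""
    (c0,) = struct.unpack_from("<I", blob)
    (p0,) = struct.unpack_from("<I", known_prefix)
    return c0 ^ p0


def differing_bytes(a: bytes, b: bytes) -> int:
    """How many byte positions differ between two encodings of the same payload."""
    return sum(x != y for x, y in zip(a, b))


# Constructed stand-in for a stager body: the common x86 prologue
# (cld; call; pushad; mov ebp,esp; xor eax,eax) padded with one NOP to a dword boundary.
# These are not bytes taken from this sample.
SAMPLE_PAYLOAD = bytes.fromhex("fce882000000" "6089e531c0" "90")


def demo() -> dict:
    key_a, key_b = 0x1F3A9C44, 0x8B21D0E7  # constructed keys
    enc_a = sgn_encode(SAMPLE_PAYLOAD, key_a)
    enc_b = sgn_encode(SAMPLE_PAYLOAD, key_b)
    recovered = recover_key(enc_a, SAMPLE_PAYLOAD[:4])
    return {
        "round_trip_ok": sgn_decode(enc_a, key_a) == SAMPLE_PAYLOAD,
        "bytes_differing_between_keys": differing_bytes(enc_a, enc_b),
        "recovered_key": recovered,
        "recovered_key_decodes": sgn_decode(enc_a, recovered) == SAMPLE_PAYLOAD,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v:#x}" if isinstance(v, int) and not isinstance(v, bool) else f"{k}: {v}")
```

Two practical consequences for detection: byte signatures on the encoded payload are useless because the ciphertext changes completely with the key, so detections target the decoder stub (FPU instruction to leak EIP, `mov` of the key, the xor/add loop) or the decoded payload in memory; and, if the payload family is known, one known dword of plaintext is enough to recover the key and decode statically, as `recover_key` shows.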
Targets
Target: e47a6e0f33fb40a39911e4bd2a187f5686962867b8f5c5645c23090fa2855b53N.exe (5.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
Detect Neshta payload
MetaSploit: detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.
Metasploit family
Neshta: a file infector; it inserts its own code into other executable files in order to spread.
Neshta family
Njrat family
Disables RegEdit via registry modification
Disables cmd.exe use via registry modification
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Modifies system executable filetype association
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger: anti-debugging; a thread with ThreadHideFromDebugger set no longer delivers debug events to an attached debugger.
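Three of the signatures above (Disables RegEdit, Disables cmd.exe use, Modifies system executable filetype association) and the njRAT reg_key from the extracted config all correspond to specific registry locations, which makes them easy to hunt for in an offline hive export during incident response. The Python below is an added example, not part of the report: the policy paths, Run keys and the clean `"%1" %*` exefile handler are the standard Windows locations; treating reg_key as the name of the njRAT Run value is an assumption from the family's documented behaviour, and the sample registry entries are constructed (the dropped-file paths in them are illustrative, not paths observed in this sample).

```python
"""Hunt an offline registry dump for the changes the sandbox signatures describe."""

# reg_key from the extracted njRAT config. njRAT uses it as the name of its Run value
# (assumption from the family's known behaviour; the report only lists the value).
NJRAT_REG_KEY = "0bed19877875a0f3385bb55897b96af0"

# Policy values behind "Disables RegEdit" and "Disables cmd.exe use via registry modification".
POLICY_VALUES = {
    (r"hkcu\software\microsoft\windows\currentversion\policies\system", "disableregistrytools"): "regedit disabled",
    (r"hkcu\software\policies\microsoft\windows\system", "disablecmd"): "cmd.exe disabled",
}
RUN_KEYS = {
    r"hkcu\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\run",
}
# "Modifies system executable filetype association": anything but the clean default handler.
EXEFILE_OPEN = r"hkcr\exefile\shell\open\command"
CLEAN_EXEFILE_OPEN = '"%1" %*'


def _nonzero(data) -> bool:
    """REG_DWORD data may arrive as int, '1' or '0x1' depending on the export tool."""
    try:
        return int(str(data), 0) != 0
    except ValueError:
        return False


def hunt(entries):
    """entries: iterable of (key_path, value_name, data) as exported from a hive.
    Returns a list of (indicator, key_path, value_name, data) findings."""
    findings = []
    for key, name, data in entries:
        k = key.lower().rstrip("\\")
        n = (name or "").lower()
        if (k, n) in POLICY_VALUES and _nonzero(data):
            findings.append((POLICY_VALUES[(k, n)], key, name, data))
        elif k in RUN_KEYS and n == NJRAT_REG_KEY:
            findings.append(("njRAT persistence (reg_key)", key, name, data))
        elif k == EXEFILE_OPEN and n in ("", "(default)") and str(data).strip() != CLEAN_EXEFILE_OPEN:
            findings.append(("exefile handler hijacked", key, name, data))
    return findings


# Constructed dump of a compromised profile, with a benign Run entry mixed in.
SAMPLE_ENTRIES = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", 1),
    (r"HKCU\Software\Policies\Microsoft\Windows\System", "DisableCMD", "0x1"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
     r"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", NJRAT_REG_KEY,
     r'"C:\Users\u\AppData\Roaming\server.exe"'),  # illustrative path
    (r"HKCR\exefile\shell\open\command", "", r'"C:\Windows\dropped.com" "%1" %*'),  # illustrative path
]
# Constructed clean baseline: policy explicitly 0 and the stock exefile handler.
CLEAN_ENTRIES = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", 0),
    (r"HKCR\exefile\shell\open\command", "(Default)", '"%1" %*'),
]

if __name__ == "__main__":
    for indicator, key, name, data in hunt(SAMPLE_ENTRIES):
        print(f"{indicator}: {key}\\{name or '(Default)'} = {data!r}")
```

The exefile check matters more than it looks: while the handler is hijacked, every `.exe` launch (including cleanup tools) passes through the infector first, so restore `"%1" %*` under HKCR\exefile\shell\open\command before running anything else on the host.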
-
MITRE ATT&CK Enterprise v15
Defense Evasion
  Hide Artifacts (2)
  Hidden Files and Directories (2)
  Modify Registry (2)
Credential Access
  Credentials from Password Stores (1)
  Credentials from Web Browsers (1)
  Unsecured Credentials (1)
  Credentials In Files (1)