General

Target: bf864296d632a4f80ad03f65a0c5908d964bb3519d18e2444df296deb1a8b24f.exe
Size: 5.2MB
Sample: 241206-mvefystlg1
MD5: 386d04e063ab5bb7eb21863ab6ce6d8a
SHA1: 58e1ce124c0a38f900d703cb786869f05924ef02
SHA256: bf864296d632a4f80ad03f65a0c5908d964bb3519d18e2444df296deb1a8b24f
SHA512: a47ac301a0e4fc403a4855f5ee5c6f89a11e1a71e697e2dd2741f0006ceda0821adea721e36cbd6d9df4cb7772d25e35497c28a35b208e2a01076d3f3294cd31
SSDEEP: 98304:P1hAmoqJW0jB4vmdRQcYduvjhK4OQyyuz/21wH8LHd/F902scBcwucGeR7E:NemFM0jB4v+zfjhFO+mH8L9/F7fbucA
Behavioral tasks

behavioral1: bf864296d632a4f80ad03f65a0c5908d964bb3519d18e2444df296deb1a8b24f.exe, resource win7-20241023-en
behavioral2: bf864296d632a4f80ad03f65a0c5908d964bb3519d18e2444df296deb1a8b24f.exe, resource win10v2004-20241007-en
Malware Config

Extracted: njrat
Version: im523
Botnet: ReZero
C2: web-authentication.gl.at.ply.gg:23352
Mutex: 0bed19877875a0f3385bb55897b96af0
reg_key: 0bed19877875a0f3385bb55897b96af0
splitter: |'|'|

The C2 host is a playit.gg tunnel endpoint (ply.gg), so the operator's own address sits behind the tunnel service; block or alert on the host:port pair rather than on a resolved IP. The mutex value doubles as the registry value name (reg_key) used for persistence, and the splitter is the field separator in every C2 message.

Extracted: metasploit
Encoder: encoder/shikata_ga_nai

shikata_ga_nai is a polymorphic x86 XOR-feedback encoder, so the encoded stage bytes differ from build to build; detection has to key on the decoder stub or on behaviour, not on the payload bytes.
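The splitter in the extracted njRAT config is the piece of the configuration a network analyst uses directly: njRAT frames each TCP message as an ASCII decimal length, a NUL byte, then the payload, and the payload's fields are joined with the configured splitter. The parser below is an added example, not code from the sample or from the sandbox; it uses the splitter extracted above, and the message contents and the command name `ll` in the sample stream are constructed for illustration, not captured traffic. The length-header bound and the `looks_like_njrat` heuristic are assumptions of this example.

```python
"""njRAT C2 framing parser (added example; splitter taken from the extracted config)."""
from typing import List, Tuple

SPLITTER = b"|'|'|"      # from the extracted njRAT config above
MAX_HEADER_DIGITS = 9    # assumption: a sane upper bound for the decimal length header


def frame(fields: List[bytes], splitter: bytes = SPLITTER) -> bytes:
    """Encode one message: ASCII length, NUL, then the splitter-joined fields."""
    payload = splitter.join(fields)
    return str(len(payload)).encode("ascii") + b"\x00" + payload


def parse_stream(data: bytes, splitter: bytes = SPLITTER) -> Tuple[List[List[bytes]], bytes]:
    """Split a byte stream into complete messages.

    Returns (messages, leftover): each message is its list of fields; leftover is
    an incomplete trailing frame that the caller prepends to the next socket read.
    Raises ValueError when the bytes at the current offset are not an njRAT header.
    """
    messages: List[List[bytes]] = []
    pos = 0
    while pos < len(data):
        nul = data.find(b"\x00", pos, pos + MAX_HEADER_DIGITS + 1)
        if nul == -1:
            if len(data) - pos > MAX_HEADER_DIGITS:
                raise ValueError(f"no njRAT length header at offset {pos}")
            break  # the header itself has not fully arrived yet
        header = data[pos:nul]
        if not header.isdigit():
            raise ValueError(f"bad length header {header!r} at offset {pos}")
        length = int(header)
        start, end = nul + 1, nul + 1 + length
        if end > len(data):
            break  # partial payload: wait for more bytes
        messages.append(data[start:end].split(splitter))
        pos = end
    return messages, data[pos:]


def looks_like_njrat(chunk: bytes, splitter: bytes = SPLITTER) -> bool:
    """Cheap triage check on a captured chunk: valid length framing and at least
    one message that actually contains the splitter (assumption of this example)."""
    try:
        messages, _ = parse_stream(chunk, splitter)
    except ValueError:
        return False
    return any(len(fields) > 1 for fields in messages)


# Constructed sample stream (not captured traffic): a login-style message,
# a one-byte keep-alive, and the start of a third frame that has not fully arrived.
SAMPLE_STREAM = (
    frame([b"ll", b"VICTIM-ID-CONSTRUCTED", b"WIN-TEST", b"Administrator", b"24-12-06"])
    + frame([b"P"])
    + b"12\x00inf"
)

if __name__ == "__main__":
    msgs, rest = parse_stream(SAMPLE_STREAM)
    for fields in msgs:
        print([f.decode(errors="replace") for f in fields])
    print("leftover:", rest)
```

Because the length header is authoritative, a payload may legitimately contain NUL bytes or digits; the parser never searches for a terminator inside the payload. On the wire, the splitter string is the stable content match for a network signature on traffic to the configured port.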
Targets

Target: bf864296d632a4f80ad03f65a0c5908d964bb3519d18e2444df296deb1a8b24f.exe (hashes as listed under General above)
- Detect Neshta payload
- MetaSploit: detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Metasploit family
- Neshta: a file infector. Neshta prepends its own body to other .exe files so that each infected program runs the virus before its original code; that is how it spreads and why it damages the host's installed software.
- Neshta family
- Njrat family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association: the handler for opening .exe files is changed, so every program launch first runs the attacker's dropped file, which in turn starts the requested program. This is the persistence and spreading mechanism Neshta is known for.
- Suspicious use of NtSetInformationThreadHideFromDebugger: anti-debugging. A thread with ThreadHideFromDebugger set stops delivering debug events to an attached debugger.
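The "Modifies system executable filetype association" signature is the one an incident responder can confirm on a host without the sample: the default value of HKCR\exefile\shell\open\command should be `"%1" %*` (run the file itself and forward its arguments), and any program placed in front of `%1` runs on every executable launch. The checker below is an added example, not the sandbox's or the sample's code. The two hijacked sample values are constructed to show the quoted and unquoted shapes (the launcher path follows the pattern Neshta uses, a dropped file in the Windows directory, but is not taken from this report); the live registry read is an assumption of this example and only works on Windows.

```python
"""Check the .exe open handler for a launcher hijack (added example)."""
from typing import Optional, Tuple

# Clean default value of HKCR\exefile\shell\open\command.
CLEAN_EXEFILE_COMMAND = '"%1" %*'


def parse_open_command(cmd: str) -> Tuple[str, str]:
    """Split a shell\\open\\command value into (program, remaining arguments),
    honouring a double-quoted program path that may contain spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        close = cmd.find('"', 1)
        if close == -1:            # unterminated quote: treat the rest as the program
            return cmd[1:], ""
        return cmd[1:close], cmd[close + 1:].strip()
    parts = cmd.split(None, 1)
    program = parts[0] if parts else ""
    rest = parts[1] if len(parts) > 1 else ""
    return program, rest


def hijack_launcher(cmd: str) -> Optional[str]:
    """Return the program inserted in front of %1, or None when the value is clean.
    A clean value starts with %1 (quoted or not); anything else runs first."""
    program, _ = parse_open_command(cmd)
    if program == "%1":
        return None
    return program


def read_live_exefile_command() -> Optional[str]:
    """Read the default value of HKCR\\exefile\\shell\\open\\command.
    Returns None where winreg is unavailable (non-Windows hosts)."""
    try:
        import winreg  # standard library on Windows only
    except ImportError:
        return None
    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, r"exefile\shell\open\command") as key:
        return winreg.QueryValueEx(key, "")[0]


# Constructed example values (not from this report): one clean default and two
# hijacked forms whose launcher sits in the Windows directory, the shape Neshta uses.
SAMPLE_VALUES = {
    "clean": CLEAN_EXEFILE_COMMAND,
    "hijacked_quoted": r'C:\Windows\svchost.com "%1" %*',
    "hijacked_unquoted": r'C:\Windows\svchost.com %1 %*',
}

if __name__ == "__main__":
    for name, value in SAMPLE_VALUES.items():
        print(f"{name:18s} launcher={hijack_launcher(value)!r}")
    live = read_live_exefile_command()
    if live is not None:
        print("this host:", hijack_launcher(live) or "clean")
```

When the checker reports a launcher, treat that path as the infector's dropped copy and collect it before cleaning the association; restoring `"%1" %*` alone leaves the prepended infections in every other .exe in place.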