General

  • Target

    Dangerous RAT.zip

  • Size

    34.1MB

  • Sample

    250225-sbycls1pw7

  • MD5

    a34b27d5181f264bf71b808b0661c2b7

  • SHA1

    8f672f156303812e2b68228cab83c0c6062ae167

  • SHA256

    6a051afc95e34431e4abbe7d4a4de66f07c80ea2dc42cbe5e5816ea3da6eaee6

  • SHA512

    2fdd9a049196aa8d899960b116b208b7d61f2e15423970a625eea2ad0210094a94e0879637d5c382938cfb26f64d6e62556bca36ba2b3b0c12365cba7f015bae

  • SSDEEP

    786432:8uRb8iHLwBGk+DKptwSIuqCyllWApExmjbL7wRy3yrXk:8uRAitDKp/q2ApEybfwRyCrU

Malware Config

Extracted

Family

njrat

Mutex

%Cor%

Attributes
  • reg_key

    %Cor%

  • splitter

    |-F-|

Extracted

Family

xworm

Version

3.0

C2

3skr.uncofig.com:9999

Mutex

wRjQMjeNtaZnUCMU

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

  • telegram

    https://api.telegram.org/bot7942324376:AAFz5Z-GdKIj1CePZyqIUmvNWOymMRw8Lmk/sendMessage?chat_id=2078478344

aes.plain

Extracted

Family

njrat

Version

VU

C2

H:P

Mutex

RG

Attributes
  • reg_key

    RG

  • splitter

    |-F-|

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

1238.313.44:5552

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Extracted

Family

xworm

C2

127.0.0.1:1417

abolhb.com:5050

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

  • pastebin_url

    https://pastebin.com/raw/H3wFXmEi

aes.plain

Targets

    • Target

      Dangerous RAT.zip

    • Size

      34.1MB

    Score
    1/10
    • Target

      Dangerous RAT/Dangerous RAT.exe

    • Size

      7.2MB

    • Detect Neshta payload

    • Detect Xworm Payload

    • Neshta

      Malware from the Neshta family infects other files in order to spread and cause damage.

    • Neshta family

    • Njrat family

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Sets desktop wallpaper using registry

    • Target

      Dangerous RAT/Exploit Creaked - FC/xxx.txt

    • Size

      1KB

    Score
    3/10
    • Target

      Dangerous RAT/Extensions/01.jpg

    • Size

      171KB

    Score
    1/10
    • Target

      Dangerous RAT/Extensions/02.jpg

    • Size

      75KB

    Score
    1/10
    • Target

      Dangerous RAT/Extensions/04.jpg

    • Size

      7KB

    Score
    1/10
    • Target

      Dangerous RAT/Extensions/Bind.dat

    • Size

      35KB

    Score
    3/10
    • Target

      Dangerous RAT/Extensions/Img/A1.jpg

    • Size

      6KB

    Score
    1/10
    • Target

      Dangerous RAT/Extensions/Img/Hac.png

    • Size

      22KB

    Score
    1/10
    • Target

      Dangerous RAT/Extensions/Img/Vct.png

    • Size

      9KB

    Score
    1/10
    • Target

      Dangerous RAT/FastColoredTextBox.dll

    • Size

      333KB

    Score
    1/10
    • Target

      Dangerous RAT/GeoIP.dat

    • Size

      1.2MB

    Score
    3/10
    • Target

      Dangerous RAT/Kalogar_Online/Dell-12-30-2020/Keylog.rtf

    • Size

      418B

    Score
    1/10
    • Target

      Dangerous RAT/Kay/Bind.dat

    • Size

      33KB

    Score
    3/10
    • Target

      Dangerous RAT/Kay/Stub.bin

    • Size

      15KB

    Score
    6/10
    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Target

      Dangerous RAT/Kay/Stub.dat

    • Size

      14KB

    Score
    3/10
    • Target

      Dangerous RAT/Kay/Stub.il

    • Size

      277KB

    Score
    1/10
    • Target

      Dangerous RAT/Map/EG.jpg

    • Size

      13KB

    Score
    1/10
    • Target

      Dangerous RAT/Map/PH.jpg

    • Size

      13KB

    Score
    1/10
    • Target

      Dangerous RAT/Map/VI.jpg

    • Size

      13KB

    Score
    1/10
    • Target

      Dangerous RAT/Mono.Cecil.dll

    • Size

      305KB

    Score
    1/10
    • Target

      Dangerous RAT/NAudio.dll

    • Size

      382KB

    Score
    1/10
    • Target

      Dangerous RAT/Plugin/AN.dll

    • Size

      15KB

    Score
    1/10
    • Target

      Dangerous RAT/Plugin/Adf.dll

    • Size

      17KB

    Score
    3/10
    • Target

      Dangerous RAT/Plugin/Ant.dll

    • Size

      14KB

    Score
    3/10
    • Target

      Dangerous RAT/Plugin/Anx.dll

    • Size

      20KB

    Score
    3/10
    • Target

      Dangerous RAT/Plugin/Cli.dll

    • Size

      15KB

    Score
    3/10
    • Target

      Dangerous RAT/Plugin/Dc.dll

    • Size

      23KB

    Score
    1/10
    • Target

      Dangerous RAT/Plugin/Denc.dll

    • Size

      26KB

    Score
    1/10
    • Target

      Dangerous RAT/Plugin/Ex.dll

    • Size

      25KB

    Score
    1/10
    • Target

      Dangerous RAT/Stub.manifest

    • Size

      487B

    Score
    3/10
    • Target

      Dangerous RAT/options.vnc

    • Size

      225B

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

neshta njrat
Score
10/10

behavioral1

Score
1/10

behavioral2

neshta njrat xworm hacked discovery persistence ransomware rat spyware trojan
Score
10/10

behavioral3

Score
3/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

discovery
Score
3/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
3/10

behavioral13

Score
1/10

behavioral14

discovery
Score
3/10

behavioral15

discovery execution
Score
6/10

behavioral16

discovery
Score
3/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

discovery
Score
3/10

behavioral32

Score
3/10