neshta | 008d3235fac02c07e1b5c162f2cf7408257c3808fa8d7a74afc15087c017d48c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

Ahoutak Ebaini.mp3

windows10-ltsc_2021-x64

Sharing

General

Target

Ahoutak Ebaini.mp3
Size

4.3MB
Sample

250327-whythaxrv5
MD5

b7fd7114e3745aaacb99db60fb0f9bcd
SHA1

792b5fbb0d2687b8a051144e1a226fc1c6b30311
SHA256

008d3235fac02c07e1b5c162f2cf7408257c3808fa8d7a74afc15087c017d48c
SHA512

6a5c4cedfa13505f0dbe5fc8f8b1d4fa6392b340213c215af3fb7c632a71bb4b57607da55267a3e612d3732fa6e2317f4df0fcf0e063f11e5291f25616e5696d
SSDEEP

98304:aNCE3xoY6gC+m0Vf0chVw2VpD8KvbVt8vwHo7LsAL29UAw:aZPNXVMcXFVpD8KTVwwIvE9UAw

Score

10^/10

neshta njrat victim discovery persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Ahoutak Ebaini.mp3

Resource

win10ltsc2021-20250314-en

neshta njrat victim discovery persistence spyware trojan

windows10-ltsc_2021-x64

23 signatures

900 seconds

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

1.0.0.721:6522

Mutex

99f38bbe0af13fde32226e71d4a6ac11

Attributes

reg_key
99f38bbe0af13fde32226e71d4a6ac11
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  Ahoutak Ebaini.mp3
- Size
  
  4.3MB
- MD5
  
  b7fd7114e3745aaacb99db60fb0f9bcd
- SHA1
  
  792b5fbb0d2687b8a051144e1a226fc1c6b30311
- SHA256
  
  008d3235fac02c07e1b5c162f2cf7408257c3808fa8d7a74afc15087c017d48c
- SHA512
  
  6a5c4cedfa13505f0dbe5fc8f8b1d4fa6392b340213c215af3fb7c632a71bb4b57607da55267a3e612d3732fa6e2317f4df0fcf0e063f11e5291f25616e5696d
- SSDEEP
  
  98304:aNCE3xoY6gC+m0Vf0chVw2VpD8KvbVt8vwHo7LsAL29UAw:aZPNXVMcXFVpD8KTVwwIvE9UAw
Score

10^/10

neshta njrat victim discovery persistence spyware trojan
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

neshtanjratvictimdiscoverypersistencespywaretrojan

© 2018-2025

Terms | Privacy