General
Target: vbc.exe
Size: 894KB
Sample: 210917-rgyd5afgg8
MD5: 66ce1420280eceebeab924165f28b7bb
SHA1: 7355e30b88eb71f34fa37df9dcfcb8fc91013fd4
SHA256: 56331fa6c35d48c153e5004cb8574c36e2c16f3bb339e53549dc28ec7ad0f232
SHA512: 8fed800ba457321903af29448b6c31b017393572f32b61f0c9fb4c028375e4937356348e6bbcdf7a2ec37484bd9e3cecfcb84d1212dfb45e2c6a4fe3fa026369
Static task: static1
Behavioral task: behavioral1
Sample: vbc.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: vbc.exe
Resource: win10-en
Malware Config
Targets
Target
vbc.exe
Score: 10/10

Detect Neshta Payload

Modifies system executable filetype association

Neshta
Malware from the Neshta family is designed to infect other files in order to spread and cause damage.

Looks for VirtualBox Guest Additions in registry

Looks for VMWare Tools registry key

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Loads dropped DLL

Uses the VBS compiler for execution

Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.

Suspicious use of SetThreadContext