General
Target: 2816723_Invoice_receipt.vbs
Size: 3KB
Sample: 210917-ww1v1sahgr
MD5: eaf19e86a4dab23ea534c50700044dff
SHA1: 32fdfb387dfde6946a4ca7851500bbaffd2608c2
SHA256: 49d201c4f1d8da00165e974d19bade57ee89df4ad2bfd84fb5f6129d5ef9c840
SHA512: 6c7affea47a243db26c83ff98f7778efd0779f52721762857a0eb0c40c772ba06a9cb3478f153a53238d48e275bd79f4c6f206ebb8ad241223a4a5194ed46519
Static task: static1
Behavioral task: behavioral1
Sample: 2816723_Invoice_receipt.vbs
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 2816723_Invoice_receipt.vbs
Resource: win10-en
Malware Config
Extracted
https://transfer.sh/nlFGs3/bypass.txt
Targets
Target: 2816723_Invoice_receipt.vbs
Score: 10/10
- Detect Neshta Payload
- Modifies system executable filetype association
- Neshta: Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
- Blocklisted process makes network request
- Loads dropped DLL
- Suspicious use of SetThreadContext