General
Target: 672300912.xlsx
Size: 588KB
Sample: 210918-bn3dnagga8
MD5: f45c96d01984b479b9c586f7686e0727
SHA1: 4a0293afdd747d2b75bc686e6d2556a6271dc413
SHA256: d590113d786474dda028703f5cf2dbf1e2f4c03ae06e4032af83bdefaa670216
SHA512: 2f6ceebc0872412716780f872303f3b1363c684ebc11c7c0771748d390ec37acd2c652f779e262622e9a9aec26a11a6ab99993255b5503059ca2cc1aa0d51fc5

Static task: static1

Behavioral task: behavioral1
Sample: 672300912.xlsx
Resource: win7-en-20210916

Behavioral task: behavioral2
Sample: 672300912.xlsx
Resource: win10v20210408
Malware Config
Targets
Target: 672300912.xlsx
Score: 10/10
Detect Neshta Payload

Modifies system executable filetype association

Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

Looks for VirtualBox Guest Additions in registry

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Looks for VMWare Tools registry key

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Loads dropped DLL

Uses the VBS compiler for execution

Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.

Suspicious use of SetThreadContext