General
-
Target
09876523456789.exe
-
Size
926KB
-
Sample
210923-ptg7kaecej
-
MD5
b8cdebc24a5ab6241373ae3bcc7d3053
-
SHA1
bb17815265e215c6de61489aca8019bb5ae473e0
-
SHA256
5521410a48148459362ab36b0fad3e61b1ca9b674339476eac02381ffbc04aa2
-
SHA512
b57809010853fce4520d4f0a144c5827f07e0105da22814480472d2d147006712867fcaead42e3aabaf88592344dad2ddca9771a5a616a105253cb5cd8b949e8
Static task
static1
Behavioral task
behavioral1
Sample
09876523456789.exe
Resource
win7-en-20210920
Malware Config
Targets
-
-
Target
09876523456789.exe
-
Size
926KB
-
MD5
b8cdebc24a5ab6241373ae3bcc7d3053
-
SHA1
bb17815265e215c6de61489aca8019bb5ae473e0
-
SHA256
5521410a48148459362ab36b0fad3e61b1ca9b674339476eac02381ffbc04aa2
-
SHA512
b57809010853fce4520d4f0a144c5827f07e0105da22814480472d2d147006712867fcaead42e3aabaf88592344dad2ddca9771a5a616a105253cb5cd8b949e8
-
Detect Neshta Payload
-
Modifies WinLogon for persistence
-
Modifies system executable filetype association
-
Modifies visiblity of hidden/system files in Explorer
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-