General
-
Target
dad35352c33a0357188ac5d9c32934fe0b8dd5c1ee639e5bc9100f85dd9b85a8.exe
-
Size
94KB
-
Sample
210925-ft79baadfj
-
MD5
be56a866861c0cc91ff470f769d74d22
-
SHA1
87ee58769b0c3eb629434ba0c5f9d3cd65accd4d
-
SHA256
dad35352c33a0357188ac5d9c32934fe0b8dd5c1ee639e5bc9100f85dd9b85a8
-
SHA512
5be5f4ae7eb08a5a54bfa5dc0d000b94c69843e88b7e792350b0716390228df67ec2b1bb618b701a58cfe75fbaa5dd800d6c7f40a2cb4ea1d7f0a5b8eaf97d38
Static task
static1
Behavioral task
behavioral1
Sample
dad35352c33a0357188ac5d9c32934fe0b8dd5c1ee639e5bc9100f85dd9b85a8.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
dad35352c33a0357188ac5d9c32934fe0b8dd5c1ee639e5bc9100f85dd9b85a8.exe
Resource
win10-en-20210920
Malware Config
Extracted
C:\Users\Public\Desktop\how_to_back_files.html
Targets
-
-
Target
dad35352c33a0357188ac5d9c32934fe0b8dd5c1ee639e5bc9100f85dd9b85a8.exe
-
Size
94KB
-
MD5
be56a866861c0cc91ff470f769d74d22
-
SHA1
87ee58769b0c3eb629434ba0c5f9d3cd65accd4d
-
SHA256
dad35352c33a0357188ac5d9c32934fe0b8dd5c1ee639e5bc9100f85dd9b85a8
-
SHA512
5be5f4ae7eb08a5a54bfa5dc0d000b94c69843e88b7e792350b0716390228df67ec2b1bb618b701a58cfe75fbaa5dd800d6c7f40a2cb4ea1d7f0a5b8eaf97d38
Score10/10-
Detect Neshta Payload
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-