General
-
Target
27544130e07733ee39f8bcf161fcc408b2489da2251d37a826f5ff48eb057c56
-
Size
120KB
-
Sample
210926-kgzhvsefb9
-
MD5
eebba195900bad46e7bbc0fa0056a807
-
SHA1
710d6af6f423bfb4445c9db04cff7fe1256c2c76
-
SHA256
27544130e07733ee39f8bcf161fcc408b2489da2251d37a826f5ff48eb057c56
-
SHA512
fab6e9a79eba833ec6d9ec09ae9450bea1f0a9bad0ff44a2e24e0d31a653834c9cfd64d7ef7ecbe43537d29ed921fc5df1dc6e750136cff8a49540961cfdce0c
Static task
static1
Behavioral task
behavioral1
Sample
27544130e07733ee39f8bcf161fcc408b2489da2251d37a826f5ff48eb057c56.exe
Resource
win10-en-20210920
Malware Config
Targets
-
-
Target
27544130e07733ee39f8bcf161fcc408b2489da2251d37a826f5ff48eb057c56
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Executes dropped EXE
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-