General
- Target: 6f49aca9996fb9d28b97e2b07d25e02647e43d5bf51035eb0c09385eb7ba1f72
- Size: 112KB
- Sample: 210926-kjdzyaeeeq
- MD5: 07bfd7b03f65c8ceddc086dafc298742
- SHA1: 5fac4be447cf92720755ba65a2d76ec42025cc8c
- SHA256: 6f49aca9996fb9d28b97e2b07d25e02647e43d5bf51035eb0c09385eb7ba1f72
- SHA512: db5b3792dd60604177ffd11c2373abcdf538c7c7013b5deec877e656351ab12804b98a8e7eba65cfbe60d089d34c9792ceb2d67d2c41b26a0c069d9577c98109
Static task: static1
Behavioral task: behavioral1
- Sample: 6f49aca9996fb9d28b97e2b07d25e02647e43d5bf51035eb0c09385eb7ba1f72.exe
- Resource: win10-en-20210920
Malware Config

Targets
- Target: 6f49aca9996fb9d28b97e2b07d25e02647e43d5bf51035eb0c09385eb7ba1f72
- Modifies system executable filetype association
- Neshta: malware from the Neshta family infects other executable files in order to spread itself and cause damage.
- Executes dropped EXE
- Checks QEMU agent file: checks for the presence of the QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext