General
Target: PO 20212702.xlsx
Size: 313KB
Sample: 211004-krlpragbbq
MD5: 866d989d919c96e981a9b8ab1af9d8fb
SHA1: 1ba7069a23eb4cbac7bb6653fe6d6e461ccdcbf4
SHA256: 7ffcb9f6daf4464de0fc3d659e47b76673c16c0f864ad0d2d1ac40f4b295ddfb
SHA512: a6012888e7585c8e6432bee2273b1671ac740dfb70e20b92e3b9daa315c0b4621e31f7edbb15fca7aaed46bfa71bf49cbf40f838d325f4112aa1db1fae480481
Static task: static1
Behavioral task: behavioral1 (Sample: PO 20212702.xlsx; Resource: win7-en-20210920)
Behavioral task: behavioral2 (Sample: PO 20212702.xlsx; Resource: win10v20210408)
Malware Config
Targets
Target: PO 20212702.xlsx (313KB; the same file, with the same MD5/SHA1/SHA256/SHA512, as listed under General)
Score: 10/10
Signatures
- Detect Neshta Payload
- Modifies system executable filetype association
- Neshta: malware from the Neshta family infects other files in order to spread and cause damage.
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext