General
-
Target
vbc.exe
-
Size
465KB
-
Sample
211011-q71fqshdcr
-
MD5
fd31986696a39355b9e100754b4724e3
-
SHA1
4f1045ce5437b5a761c02a1446c0defd89280ddb
-
SHA256
a58aca3d20dec5c5f100ade6a9f6182f5f7a783f8269cb032e20780041e44f08
-
SHA512
bbb78d8f77973f2349a0a82e3e9ab046b79cdd37053375c5d21b7297c36b587e0809bced70f38d4d621af28f04fdca5701c294e04d4cf04f09582ada580a7ffb
Static task
static1
Behavioral task
behavioral1
Sample
vbc.exe
Resource
win7-ja-20210920
Behavioral task
behavioral2
Sample
vbc.exe
Resource
win7v20210408
Behavioral task
behavioral3
Sample
vbc.exe
Resource
win10v20210408
Behavioral task
behavioral4
Sample
vbc.exe
Resource
win10-ja-20210920
Malware Config
Targets
-
-
Target
vbc.exe
-
Score
10/10
-
Detect Neshta Payload
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.
-
Registers COM server for autorun
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-