General
Target: rfq.exe
Size: 595KB
Sample: 211129-rymzqacccp
MD5: 1212b3c985046ecb241e195e25a9913b
SHA1: 984eb9a8f5cb572774115307d65557e9a6a7f31d
SHA256: d02c7e238675ed340d700e865360567a92cece2754486e033a7957f7f0b33a22
SHA512: e10aecd08a673158e82520deafcaa7e298269c3a0ee123c9ac154b2f85af5946bfbbec5525558a00abee866e72b6710b1ea6a2409c2e2263062276df81da67a3
Static task: static1
Behavioral task: behavioral1
Sample: rfq.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: rfq.exe
Resource: win10-en-20211014
Malware Config
Targets
Target: rfq.exe
Score: 10/10
Detect Neshta Payload
Modifies system executable filetype association
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
Suspicious use of SetThreadContext