Static task
static1
Behavioral task
behavioral1
Sample
f35316c3604c6f515d33999724e6b75db0e3c958f653c1af7c2f8e75aea35e63.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
f35316c3604c6f515d33999724e6b75db0e3c958f653c1af7c2f8e75aea35e63.exe
Resource
win10-en-20211208
General
-
Target
f35316c3604c6f515d33999724e6b75db0e3c958f653c1af7c2f8e75aea35e63
-
Size
207KB
-
MD5
1c451710fcd855220a55ee7531c1db8b
-
SHA1
64c5e509b899b37a2107384cb86ffbd42c9a559c
-
SHA256
f35316c3604c6f515d33999724e6b75db0e3c958f653c1af7c2f8e75aea35e63
-
SHA512
aa778286fe7773e080b9933b0cf8a887585484112189ddd1ce7583a2773b818d4e72527ee55f5b60436eb29028785c1ffaa081e627891ed4c848c31d773521e0
-
SSDEEP
3072:sr85CIyy2RjLTuVyu7CJDgoMT3QPWYFQxLt79LFrb30BRtBZZg+i2v:k9ny2RsQJ8zgPWSwxJ0BXScv
Malware Config
Signatures
-
Detect Neshta Payload 1 IoCs
Processes:
resource yara_rule sample family_neshta -
Neshta family
-
Sodinokibi family
Files
-
f35316c3604c6f515d33999724e6b75db0e3c958f653c1af7c2f8e75aea35e63.exe windows x86
Code Sign
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 1024B - Virtual size: 536B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 42KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ