General

Target: 73856883e34f63bfc3a845517aeff46467c941f990cd383035a24b4990f6f4dd
Size: 719KB
Sample: 220201-s3326shca4
MD5: dca6639ceeb23a5dc0b9fca15c4706d4
SHA1: 3d3d0b600cefaee86f63467bd8307b7434e7ebc9
SHA256: 73856883e34f63bfc3a845517aeff46467c941f990cd383035a24b4990f6f4dd
SHA512: d303c199e6422bab5ea045734ed2b2e8a5bfa0f08c1dd8a056fb5660bf513916fb6e1f9873dcdf5fa3f7b32be4f68de90d6ff707ba01f8ef9a666024ff70cb8a
Static task: static1

Behavioral task: behavioral1
Sample: 73856883e34f63bfc3a845517aeff46467c941f990cd383035a24b4990f6f4dd.exe
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: 73856883e34f63bfc3a845517aeff46467c941f990cd383035a24b4990f6f4dd.exe
Resource: win10v2004-en-20220113
Malware Config

Extracted from: C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Recovery_Instructions.html
Contact email (mailto link in the ransom note): [email protected]

Extracted from: C:\Recovery_Instructions.html
Contact email (mailto link in the ransom note): [email protected]
Targets

Target: 73856883e34f63bfc3a845517aeff46467c941f990cd383035a24b4990f6f4dd
Size: 719KB
MD5: dca6639ceeb23a5dc0b9fca15c4706d4
SHA1: 3d3d0b600cefaee86f63467bd8307b7434e7ebc9
SHA256: 73856883e34f63bfc3a845517aeff46467c941f990cd383035a24b4990f6f4dd
SHA512: d303c199e6422bab5ea045734ed2b2e8a5bfa0f08c1dd8a056fb5660bf513916fb6e1f9873dcdf5fa3f7b32be4f68de90d6ff707ba01f8ef9a666024ff70cb8a

- Detect Neshta Payload
- MedusaLocker Payload
- Modifies system executable filetype association
- Neshta: malware from the Neshta family infects other files in order to spread itself and cause damage.
- Executes dropped EXE
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.