General
-
Target
6b9ca4cbb68f23e164625614d9d074b7bb9e2c5aeb429034ed4d6440594ce64e
-
Size
707KB
-
Sample
220201-s4smtshcb5
-
MD5
0ea3051e5173035fc97c403746d67437
-
SHA1
e04260b5cc147207c3d18b9a486cb636b3a46ff8
-
SHA256
6b9ca4cbb68f23e164625614d9d074b7bb9e2c5aeb429034ed4d6440594ce64e
-
SHA512
9afdcf3ffd9190362900c55f02172f5c9d1033e7e618b627b0efbda170eb31114547d9808ad161dfa08dc135fe311d096a8317370d5e7cefaf2e263ac118c85d
Static task
static1
Behavioral task
behavioral1
Sample
6b9ca4cbb68f23e164625614d9d074b7bb9e2c5aeb429034ed4d6440594ce64e.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
6b9ca4cbb68f23e164625614d9d074b7bb9e2c5aeb429034ed4d6440594ce64e.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
\??\Z:\Boot\Recovery_Instructions.html
href="mailto:[email protected]">[email protected]</a><br>
href="mailto:[email protected]">[email protected]</a>
Targets
-
-
Target
6b9ca4cbb68f23e164625614d9d074b7bb9e2c5aeb429034ed4d6440594ce64e
-
Detect Neshta Payload
-
MedusaLocker Payload
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.
-
Executes dropped EXE
-
Sets service image path in registry
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-