General
-
Target
efab2992160105fe2bce828e3f9a904f3c250d2935e9a0ad0f21950e9948da78
-
Size
1.8MB
-
Sample
220205-d5by5sfhe2
-
MD5
331d78e06a9df9cc318fe31067498afb
-
SHA1
a99207594eab0f3794b502e5dbb8cf2aff502143
-
SHA256
efab2992160105fe2bce828e3f9a904f3c250d2935e9a0ad0f21950e9948da78
-
SHA512
3ba492da736cae3b276575b2792cf7b9c9e2fec9dc64f907dcc822e7517fe02feda643eeb08c65f4fb90d2f576a4430c584fa501d5557df0ee4eed1b5a47351f
Static task
static1
Behavioral task
behavioral1
Sample
efab2992160105fe2bce828e3f9a904f3c250d2935e9a0ad0f21950e9948da78.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
efab2992160105fe2bce828e3f9a904f3c250d2935e9a0ad0f21950e9948da78.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
efab2992160105fe2bce828e3f9a904f3c250d2935e9a0ad0f21950e9948da78
-
Size
1.8MB
-
MD5
331d78e06a9df9cc318fe31067498afb
-
SHA1
a99207594eab0f3794b502e5dbb8cf2aff502143
-
SHA256
efab2992160105fe2bce828e3f9a904f3c250d2935e9a0ad0f21950e9948da78
-
SHA512
3ba492da736cae3b276575b2792cf7b9c9e2fec9dc64f907dcc822e7517fe02feda643eeb08c65f4fb90d2f576a4430c584fa501d5557df0ee4eed1b5a47351f
Score10/10-
Detect Neshta Payload
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-