General
Target
d61d30af558b7db5ed1aaf5716a5756a14b63a2d42d941add259199d99f72b11
Size
1.8MB
Sample
220205-ec26asgccl
MD5
1c7859cfe4b4787eb93bc72f0504251c
SHA1
751c2f05ac454fbee88bd8a735768875890e7c14
SHA256
d61d30af558b7db5ed1aaf5716a5756a14b63a2d42d941add259199d99f72b11
SHA512
d7772bc31abbf4f7c5c055a0ac64c4374b5ddaee81c78657e323dd2a24a7c541da226adb91458bc7241f534a31cf0bfe77950ad562fbd45a192f0751bc5bea7c
Static task
static1
Behavioral task
behavioral1
Sample
d61d30af558b7db5ed1aaf5716a5756a14b63a2d42d941add259199d99f72b11.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
d61d30af558b7db5ed1aaf5716a5756a14b63a2d42d941add259199d99f72b11.exe
Resource
win10v2004-en-20220112
Malware Config
Targets
Target
d61d30af558b7db5ed1aaf5716a5756a14b63a2d42d941add259199d99f72b11
Size
1.8MB
MD5
1c7859cfe4b4787eb93bc72f0504251c
SHA1
751c2f05ac454fbee88bd8a735768875890e7c14
SHA256
d61d30af558b7db5ed1aaf5716a5756a14b63a2d42d941add259199d99f72b11
SHA512
d7772bc31abbf4f7c5c055a0ac64c4374b5ddaee81c78657e323dd2a24a7c541da226adb91458bc7241f534a31cf0bfe77950ad562fbd45a192f0751bc5bea7c
Score
10/10
Signatures
- Detect Neshta Payload
- Modifies system executable filetype association
- Neshta
  Malware from the Neshta family injects itself into other files in order to spread and cause damage.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Sets service image path in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry; likely used as a geofence.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger