General
-
Target
d875927c5abbd6a123fd863a39add1cf9c9afba520909090065c0aea2d46ce05
-
Size
1.8MB
-
Sample
220205-ecp6qsgcbq
-
MD5
915272c2cb1a64cfdcd587fde3e5b4b2
-
SHA1
7fcb321379733ca7e449f9f5fe29e3eacd9e39d9
-
SHA256
d875927c5abbd6a123fd863a39add1cf9c9afba520909090065c0aea2d46ce05
-
SHA512
8a2b70ab78968bee05afcb789aded3646b3ed68f95b2ce710e5e4a33ddc689551a23d790eaad5ea7bea2fcd0b4edbb56888644df9c4327653a79bfa20338b650
Static task
static1
Behavioral task
behavioral1
Sample
d875927c5abbd6a123fd863a39add1cf9c9afba520909090065c0aea2d46ce05.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
d875927c5abbd6a123fd863a39add1cf9c9afba520909090065c0aea2d46ce05.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
d875927c5abbd6a123fd863a39add1cf9c9afba520909090065c0aea2d46ce05
-
Size
1.8MB
-
MD5
915272c2cb1a64cfdcd587fde3e5b4b2
-
SHA1
7fcb321379733ca7e449f9f5fe29e3eacd9e39d9
-
SHA256
d875927c5abbd6a123fd863a39add1cf9c9afba520909090065c0aea2d46ce05
-
SHA512
8a2b70ab78968bee05afcb789aded3646b3ed68f95b2ce710e5e4a33ddc689551a23d790eaad5ea7bea2fcd0b4edbb56888644df9c4327653a79bfa20338b650
Score10/10-
Detect Neshta Payload
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-