General
- Target: b01dd899c49f7aef55dce3caf52b4f0ffce0dca33a504f8baa8b31625a6ca388
- Size: 1.8MB
- Sample: 220205-eph8ysgdcn
- MD5: 1220a22a8b5c1832e02d10e434f66fb9
- SHA1: ff179e0ecf7404d16230d79c627e84f36dc7c851
- SHA256: b01dd899c49f7aef55dce3caf52b4f0ffce0dca33a504f8baa8b31625a6ca388
- SHA512: c323d5cb2ab1b0088b14ea3d35962110333d6e63bd11d8d7b07f1f72744ad5aa7b56b77f0a4478673152e1db6c8dc49534dd13e58ef858eb8fb649693b95ebde
- Static task: static1
- Behavioral task: behavioral1 (sample b01dd899c49f7aef55dce3caf52b4f0ffce0dca33a504f8baa8b31625a6ca388.exe, resource win7-en-20211208)
- Behavioral task: behavioral2 (sample b01dd899c49f7aef55dce3caf52b4f0ffce0dca33a504f8baa8b31625a6ca388.exe, resource win10v2004-en-20220112)
Malware Config
Targets
- Target: b01dd899c49f7aef55dce3caf52b4f0ffce0dca33a504f8baa8b31625a6ca388 (size 1.8MB, hashes as listed under General)
- Score: 10/10
- Detects Neshta payload
- Modifies system executable filetype association
  Rewrites the default handler for .exe files (HKCR\exefile\shell\open\command) so the infector's own copy runs ahead of any program the user launches.
- Neshta
  Neshta is a file infector: it writes its own code into other executables on the host, so running an infected program spreads it further and damages the original files.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Sets service image path in registry
- Checks BIOS information in registry
  BIOS information is often read to detect sandbox environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Identifies Wine through registry keys
  Wine is a compatibility layer that runs Windows applications and can be used as a sandbox environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Setting ThreadHideFromDebugger on a thread stops its debug events from reaching an attached debugger, a common anti-debugging trick.
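The following PowerShell script is an added example, not part of the sandbox report or of the sample. It verifies a file on a suspect host against the SHA256 listed above, checks whether the .exe file association has been hijacked in the way the "Modifies system executable filetype association" signature describes, and dumps the registry locations that BIOS, VirtualBox ACPI and Wine checks of this kind typically read, so the analysis VM can be tuned against evasion. The path in $SamplePath is hypothetical, and the exact registry keys this particular sample reads are not stated in the report, so the fingerprint function lists commonly inspected keys as an assumption.

```powershell
# Added example (not part of the sandbox report): verify a suspected sample against the
# hashes above and check the host for a Neshta-style .exe association hijack.
# Assumptions: run from an elevated PowerShell 5.1+ session on the host being triaged;
# $SamplePath is a hypothetical location for the file under investigation.

$ReportSha256 = 'b01dd899c49f7aef55dce3caf52b4f0ffce0dca33a504f8baa8b31625a6ca388'
$SamplePath   = 'C:\triage\sample.exe'   # hypothetical path

function Test-SampleHash {
    param([string]$Path, [string]$Expected)
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    return ($actual -ieq $Expected)
}

function Get-ExeOpenCommand {
    # Default handler for the exefile class. A clean Windows install holds "%1" %* here;
    # an infector that rewrites it runs its dropped copy before every launched .exe.
    $key = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
    return (Get-ItemProperty -LiteralPath $key).'(default)'
}

function Test-ExeAssociationClean {
    $cmd = Get-ExeOpenCommand
    return ($cmd.Trim() -eq '"%1" %*')
}

function Get-SandboxFingerprint {
    # Registry locations commonly read by BIOS / VirtualBox ACPI / Wine checks like the
    # ones flagged above. Run on the analysis VM to see what an evasive sample would find.
    # Which keys this sample actually reads is not in the report; these are assumptions.
    $bios = Get-ItemProperty -LiteralPath 'HKLM:\HARDWARE\DESCRIPTION\System\BIOS' -ErrorAction SilentlyContinue
    $sys  = Get-ItemProperty -LiteralPath 'HKLM:\HARDWARE\DESCRIPTION\System' -ErrorAction SilentlyContinue
    [ordered]@{
        BiosVendor     = $bios.BIOSVendor
        SystemProduct  = $bios.SystemProductName
        SystemBiosVer  = $sys.SystemBiosVersion
        VBoxAcpiTable  = Test-Path -LiteralPath 'HKLM:\HARDWARE\ACPI\DSDT\VBOX__'
        WineKeyPresent = (Test-Path -LiteralPath 'HKCU:\Software\Wine') -or
                         (Test-Path -LiteralPath 'HKLM:\Software\Wine')
    }
}

# Usage
"SHA256 matches report: $(Test-SampleHash -Path $SamplePath -Expected $ReportSha256)"
"exefile handler:       $(Get-ExeOpenCommand)"
"exefile handler clean: $(Test-ExeAssociationClean)"
Get-SandboxFingerprint | Format-Table -AutoSize
```

If Test-ExeAssociationClean returns False on a host, treat every .exe launch as already routed through the infector and do not run further tools from that host until the handler value has been inspected and the file it points to has been hashed. A VirtualBox DSDT table or a Wine key showing up in Get-SandboxFingerprint on the analysis VM means the sample's anti-VM checks will likely succeed there, which explains empty behavioral runs.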