General
-
Target
119fecc27f3453a241a07556630dc96426e95727b019bcfbdb2d81499d590459
-
Size
1.8MB
-
Sample
220205-f4kwrsgff6
-
MD5
465e7b819d1c5fb9bfabbed623f09e5d
-
SHA1
5361bcaee5f734fe6e455d1d9d26f6136d767a5f
-
SHA256
119fecc27f3453a241a07556630dc96426e95727b019bcfbdb2d81499d590459
-
SHA512
ca9b0c90c0ba3c77f236260f0ffcd0348ffe6da6ce0cdb5b831f6d66e25cf3f97275bef2f83b99de048de5c6aa407a5026409f44d862da9e3072773dc0bf6363
Static task
static1
Behavioral task
behavioral1
Sample
119fecc27f3453a241a07556630dc96426e95727b019bcfbdb2d81499d590459.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
119fecc27f3453a241a07556630dc96426e95727b019bcfbdb2d81499d590459.exe
Resource
win10v2004-en-20220112
Malware Config
Targets
-
-
Target
119fecc27f3453a241a07556630dc96426e95727b019bcfbdb2d81499d590459
-
Size
1.8MB
-
MD5
465e7b819d1c5fb9bfabbed623f09e5d
-
SHA1
5361bcaee5f734fe6e455d1d9d26f6136d767a5f
-
SHA256
119fecc27f3453a241a07556630dc96426e95727b019bcfbdb2d81499d590459
-
SHA512
ca9b0c90c0ba3c77f236260f0ffcd0348ffe6da6ce0cdb5b831f6d66e25cf3f97275bef2f83b99de048de5c6aa407a5026409f44d862da9e3072773dc0bf6363
Score10/10-
Detect Neshta Payload
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Sets service image path in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-