General
- Target: 8a8c22f532003426966f40a78e7bf11a0cde251f995dadf7e1a65e8c81c9008e
- Size: 184KB
- Sample: 220206-rdlwxsaghp
- MD5: a20266a221a0ff375f736e2a9571799f
- SHA1: 7a4cce738022c8029c3d1b4f5e7266cd6ac4a48a
- SHA256: 8a8c22f532003426966f40a78e7bf11a0cde251f995dadf7e1a65e8c81c9008e
- SHA512: 3d0182207619d036d944266c7ef50bd97ff2389d4add1ff266a59401ff743aa7dd2c53372b30f4f145431c06aea981f71855c0ff751a6d3a02153ebb06935abe
Static task: static1

Behavioral task: behavioral1
- Sample: ORDER-021406_pdf.jar
- Resource: win7-en-20211208

Behavioral task: behavioral2
- Sample: ORDER-021406_pdf.jar
- Resource: win10v2004-en-20220112

Behavioral task: behavioral3
- Sample: Order.xlsx
- Resource: win7-en-20211208

Behavioral task: behavioral4
- Sample: Order.xlsx
- Resource: win10v2004-en-20220112
Malware Config

Targets

Target: ORDER-021406_pdf.jar
- Size: 115KB
- MD5: 9b1704c9472dec7f1a64667093192a29
- SHA1: 0412046a5e917a5773043db094e6088897e00519
- SHA256: 0f081b6ad1242ba0528e7f7058c0f98ec52299272d63844735fa6574ba7ecb85
- SHA512: c26b7b6a9ac198f55cf1b832557cc71d03a4fdec0c3f754d1b8762fee359c4191905904e6ebaebf0abfc16c710912437c9ceb6527b5c43ae17996b46368962a1
- Score: 10/10
Signatures:
- Detect Neshta Payload
- Modifies system executable filetype association
- Neshta
  Malware from the Neshta family infects other executable files in order to spread itself and cause damage.
- Suspicious use of NtCreateProcessExOtherParentProcess
- suricata: ET MALWARE DTLoader Binary Request M2
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
Target: Order.xlsx
- Size: 7KB
- MD5: babea5182cea94bafda9a125c71f0b33
- SHA1: fa449309136bb8d7a05ccab8aec4c2d85d2e6f65
- SHA256: 1f1bf58d07b84d0981d6226e8a9cce01526f37b1ca8472f66398b2fa370c8e72
- SHA512: d7d6d0fe02508dcd3705384c205b69f128a75f4196ab0f14be820b007f0c097d3490b73fffc93a81c855645fa1a28a63f8027baa68fee56efe959810e2476297
- Score: 4/10