General
-
Target
893b9c6d05afc9ff72c4d5239b015c40833944243c0365cd156cd37689a922cf
-
Size
1.3MB
-
Sample
220212-aschcseae2
-
MD5
1dff6d9b042d47e9b040f8dffee2112a
-
SHA1
24c725042eb2a384814e8a4f2c1178be14f4c71f
-
SHA256
893b9c6d05afc9ff72c4d5239b015c40833944243c0365cd156cd37689a922cf
-
SHA512
243d0e03738bfa7b9013258fda08f7eee3bd2a3aa187b01c2808956467182f0bd93ab2415c73ba9b006e2baa0f319dbb83c14c616ceb2536df8800cc5e184162
Static task
static1
Behavioral task
behavioral1
Sample
893b9c6d05afc9ff72c4d5239b015c40833944243c0365cd156cd37689a922cf.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
893b9c6d05afc9ff72c4d5239b015c40833944243c0365cd156cd37689a922cf.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
C:\Read-Me.txt
Targets
-
-
Target
893b9c6d05afc9ff72c4d5239b015c40833944243c0365cd156cd37689a922cf
Score
10/10
-
Detect Neshta Payload
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-