General
Target: retakedesign.exe
Size: 7.4MB
Sample: 220303-nbh6gacfbn
MD5: 6f14ad4e2a863b0723ee5067b0e3bd0e
SHA1: d4d74255e4d8f66d84e8b42f90cb00c0f66c5914
SHA256: 68bfdae82e42906e8c94f4e81c09c20609113c2d9cfdbf328ee5aaf783931e05
SHA512: 94d1deaf5bb6196244099c1ce5889c1a6f391939f692f521d388a8627c9831310392286a6de5a4d49d03f7faed91c88f1c551367151600b5d6ad71b963d944ab
Static task: static1
Behavioral task: behavioral1
Sample: retakedesign.exe
Resource: win10v2004-en-20220112
Malware Config
Targets
Target: retakedesign.exe
Score: 10/10
- Detect Neshta Payload
- Modifies system executable filetype association
- Neshta
  Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.