General
- Target: af102c104f53ddcb2b92a53596330646070fd5335190c28b36015beb3eb1e09d
- Size: 133KB
- Sample: 220305-wykxksghc7
- MD5: 65a875267a495f0b3f54b4155b23ac01
- SHA1: 0c1ce34b1e4c24bfd410c224d86cf3edcfb3a258
- SHA256: af102c104f53ddcb2b92a53596330646070fd5335190c28b36015beb3eb1e09d
- SHA512: eb481ecdfde628b7fd1f8e9fa1312b771b8093d310d6432960e4c158f47a7f409dcc91ae2a158c263b1e0eeaf09fc2e0b00d3ff3ba40672b088c6a98539f39b6
Static task: static1
Behavioral task: behavioral1
- Sample: af102c104f53ddcb2b92a53596330646070fd5335190c28b36015beb3eb1e09d.exe
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: af102c104f53ddcb2b92a53596330646070fd5335190c28b36015beb3eb1e09d.exe
- Resource: win10v2004-en-20220112
Malware Config
Targets
Score: 10/10
- Detect Neshta Payload
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
- Modifies system executable filetype association
- Neshta
  Malware from the Neshta family is designed to infect itself into other files to spread itself and cause damage.
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory