Overview

overview

10

Static

static

10

Petya.exe

windows10-2004_x64

10

Resubmissions

28-05-2022 09:40

220528-lnm9vaggek 10

26-05-2022 13:49

220526-q4qr5abhh8 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Petya.exe

  • Size

    266KB

  • Sample

    220528-lnm9vaggek

  • MD5

    505e38e344f45ea9ff9c9b560d851c1e

  • SHA1

    c5e934de62fbbad105eef0ec1b533ca00aba05b0

  • SHA256

    4d8e5e85b3d49509eab8e7ffebad940147ed950fcddab60e8a13409dfc2b8fc5

  • SHA512

    6dcc186c7e71fbd104eb0c29777525e59c43aaa6a6e6a439ae2805e1f8d1589c200ce7b5cb622519b9ad8f4480615e8e980132b617e944c3017462a411898689

Score
10/10
neshtabootkitpersistencespyware

Malware Config

Targets

    • Target

      Petya.exe

    • Size

      266KB

    • MD5

      505e38e344f45ea9ff9c9b560d851c1e

    • SHA1

      c5e934de62fbbad105eef0ec1b533ca00aba05b0

    • SHA256

      4d8e5e85b3d49509eab8e7ffebad940147ed950fcddab60e8a13409dfc2b8fc5

    • SHA512

      6dcc186c7e71fbd104eb0c29777525e59c43aaa6a6e6a439ae2805e1f8d1589c200ce7b5cb622519b9ad8f4480615e8e980132b617e944c3017462a411898689

    Score
    10/10
    neshtabootkitpersistencespyware

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks