General
-
Target
20cec0ab1019d005e76b8aafa3f7b3fe09e6e9bd981519f20ebb71c8e891395b
-
Size
510KB
-
Sample
220612-nd85nsdff5
-
MD5
3df02e64659fedacf825ada69c2991b1
-
SHA1
7ec75acbb60f83f627f37027c6e6f29b7dfbd025
-
SHA256
20cec0ab1019d005e76b8aafa3f7b3fe09e6e9bd981519f20ebb71c8e891395b
-
SHA512
a8efc24ca96312e67aac2498c45b1ab2a67ba2e4fdbfb1390e8bda65588147fe68e6c2b5fedece783f5a72d79d4cd9df901b4be6904fd2a2dcc0d2ff8f449ae9
Static task
static1
Behavioral task
behavioral1
Sample
20cec0ab1019d005e76b8aafa3f7b3fe09e6e9bd981519f20ebb71c8e891395b.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
20cec0ab1019d005e76b8aafa3f7b3fe09e6e9bd981519f20ebb71c8e891395b.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
Score 10/10
Detect Neshta Payload
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-