General
-
Target
3588af3f2e0bd35d34ae5dcc2e9ec9c303be9607bb5ec82acd36d856894da65c
-
Size
298KB
-
Sample
220626-3w8n7afdbl
-
MD5
1a89b7d4fb8ded72e1f8e81ee9352262
-
SHA1
3124893ffd96050e924ad003704c6144fde50ac3
-
SHA256
3588af3f2e0bd35d34ae5dcc2e9ec9c303be9607bb5ec82acd36d856894da65c
-
SHA512
77edf5e933116f190d8aec898c53d2ce93b8f12a1e5991eb2eb94f2c8527a82744308a5c093a238cf1d04de63080f2b37e167343531931c2e682e404a0ec2f0a
Static task
static1
Behavioral task
behavioral1
Sample
3588af3f2e0bd35d34ae5dcc2e9ec9c303be9607bb5ec82acd36d856894da65c.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3588af3f2e0bd35d34ae5dcc2e9ec9c303be9607bb5ec82acd36d856894da65c.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Protocol: ftp- Host:
canon222.aiq.ru - Port:
21 - Username:
u380797 - Password:
wly1fs7n
Targets
-
-
Target
3588af3f2e0bd35d34ae5dcc2e9ec9c303be9607bb5ec82acd36d856894da65c
-
Size
298KB
-
MD5
1a89b7d4fb8ded72e1f8e81ee9352262
-
SHA1
3124893ffd96050e924ad003704c6144fde50ac3
-
SHA256
3588af3f2e0bd35d34ae5dcc2e9ec9c303be9607bb5ec82acd36d856894da65c
-
SHA512
77edf5e933116f190d8aec898c53d2ce93b8f12a1e5991eb2eb94f2c8527a82744308a5c093a238cf1d04de63080f2b37e167343531931c2e682e404a0ec2f0a
Score10/10-
Detect Neshta Payload
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-