General
Target: 185651505b12be27cdcbaee3d10176690b476ce6ff9a67662aa7ecbe7f7325ca
Size: 217KB
Sample: 220630-vqbhhafcb5
MD5: 3ae2cf56a22bdd23e42fa1bf66b4addf
SHA1: 816afdd594f61dd96712ed2972cf5189f30fab09
SHA256: 185651505b12be27cdcbaee3d10176690b476ce6ff9a67662aa7ecbe7f7325ca
SHA512: 94f9e6d05713011053ee30be1b83528072c46def6792c23d6af3ec8146a5b2885e946f00d2f5fd205ee5d760d5cff99696900e7eecba7f378f4f5c26e2ebf543
Static task: static1
Behavioral task: behavioral1
Sample: 185651505b12be27cdcbaee3d10176690b476ce6ff9a67662aa7ecbe7f7325ca.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: 185651505b12be27cdcbaee3d10176690b476ce6ff9a67662aa7ecbe7f7325ca
- Detect Neshta Payload
- Gh0st RAT payload
- Modifies system executable filetype association
- Neshta
  Malware from the Neshta family is designed to infect other files in order to spread and cause damage.
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL