General
-
Target
a49fb8e2dcc7117513ade566b7599d633e9c122a1f35562cd730f16fab043a3c
-
Size
1.3MB
-
Sample
220701-hnjpwaada4
-
MD5
4b0ea69a5c818637289aab3f1559cc37
-
SHA1
1b56746e5b5dd99037ef81c12410bb6d16ef7f82
-
SHA256
a49fb8e2dcc7117513ade566b7599d633e9c122a1f35562cd730f16fab043a3c
-
SHA512
6da4dd807902369c479c4c0675ce6f1845faf8141e41bf98aecf40ddb2e9bbc80cbcb1f83a29c90aa6faac3029a1bcec4f705e99974ed1519e03bdf057c08a7c
Static task
static1
Behavioral task
behavioral1
Sample
a49fb8e2dcc7117513ade566b7599d633e9c122a1f35562cd730f16fab043a3c.exe
Resource
win7-20220414-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target
a49fb8e2dcc7117513ade566b7599d633e9c122a1f35562cd730f16fab043a3c
-
Detect Neshta Payload
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread and cause damage.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-