General

Target: delphi.exe
Size: 240KB
Sample: 220801-na4qsaffg3
MD5: dccb52f53448142fab5718a6bd7e5a6b
SHA1: 01a9487c037ab9e32709355254932e881d3cc444
SHA256: 19c9f9cbfe761001bd796973fb4f72e35175e477b7d5677b2e15ec7d223e5834
SHA512: 906174c88655825323700ce234bfd6679f9b13ddfc0b6d0b3e2bd4f5efdd6295cd18d9a347de8b85fbdc6bc83d5832bb7ebcbee83dea2c0e20f03117f0f5a1df
Behavioral task: behavioral1
Sample: delphi.exe
Resource: win7-20220718-en

Behavioral task: behavioral2
Sample: delphi.exe
Resource: win10v2004-20220721-en
Malware Config

Extracted: oski
cybersd.axfree.com
Targets

Target: delphi.exe
Size: 240KB
MD5: dccb52f53448142fab5718a6bd7e5a6b
SHA1: 01a9487c037ab9e32709355254932e881d3cc444
SHA256: 19c9f9cbfe761001bd796973fb4f72e35175e477b7d5677b2e15ec7d223e5834
SHA512: 906174c88655825323700ce234bfd6679f9b13ddfc0b6d0b3e2bd4f5efdd6295cd18d9a347de8b85fbdc6bc83d5832bb7ebcbee83dea2c0e20f03117f0f5a1df
- Detect Neshta payload
- Modifies system executable filetype association
- Neshta
  Malware from the Neshta family spreads by infecting other executable files and can cause damage.
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.