General
-
Target
1.exe
-
Size
851KB
-
Sample
220801-sj5fwsbefm
-
MD5
286099dac2f03c7764d9fc6d8c5e02e2
-
SHA1
eedd56af4f225f991eb63f37597d7ab6e4abeac7
-
SHA256
4d6bee9938b85e65fabba0b920efcff479e565ebbdd91a7d6a631fa7475e9f74
-
SHA512
63cf51afd8a4cf8c8afdb498dbf589b12b86c8b978313e9a41ad9dbf1f511cac55b938fa479b8d76e1330df7b7dd6c5be94759165467eb234d6dbc5380edc3b9
Static task
static1
Behavioral task
behavioral1
Sample
1.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
1.exe
Resource
win10v2004-20220721-en
Malware Config
Targets
-
-
Target
1.exe
-
Score
10/10
-
Detect Neshta payload
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread and cause damage.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-