General
-
Target
60465914.exe
-
Size
7KB
-
Sample
220830-n7116agegn
-
MD5
89d9a7ee75426a206285fc1ea1e61799
-
SHA1
2d899ec77033800ab766e341f2720211daebee43
-
SHA256
9d3d338dd1d6aab6b3bd08e5f03d320f48c789fc15e38a3f95c8385fafac7290
-
SHA512
a7d88742d92bf474e6ac14614558f9d0c328f1a60fcd05cabec0146388db2f7f609437ee9b7cdf4c0d4cec4671ad05d26138ba12acc95ae1d261be45743f2fdb
-
SSDEEP
96:0aT2YajXyBhqyV7vgolexDSknogamFKLXmMxWm8AbRcTBqYt8XUtMVzNt:3T2+qyVoorLXkm8cRcTBqbXUCv
Malware Config
Targets
-
-
Target
60465914.exe
-
Size
7KB
-
MD5
89d9a7ee75426a206285fc1ea1e61799
-
SHA1
2d899ec77033800ab766e341f2720211daebee43
-
SHA256
9d3d338dd1d6aab6b3bd08e5f03d320f48c789fc15e38a3f95c8385fafac7290
-
SHA512
a7d88742d92bf474e6ac14614558f9d0c328f1a60fcd05cabec0146388db2f7f609437ee9b7cdf4c0d4cec4671ad05d26138ba12acc95ae1d261be45743f2fdb
-
SSDEEP
96:0aT2YajXyBhqyV7vgolexDSknogamFKLXmMxWm8AbRcTBqYt8XUtMVzNt:3T2+qyVoorLXkm8cRcTBqbXUCv
Score10/10-
Detect Neshta payload
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-