General
- Target: Pw_External.exe
- Size: 1016KB
- Sample: 220908-t68x9sccbk
- MD5: b51bbbef95e592e828a96265e1f4a1a3
- SHA1: 8a5d42651cb0b31879b58c1fefdec63f7ca6a9d2
- SHA256: 7fb53defbc52a007babaadac3bb8371cca58c0c3ffdf74572bd60515ac0f2578
- SHA512: ff228a28377a0a6a2d13922ea9e3ec6370b81262987cd0e96502058a7950971e70fde4f7fec0f3d7cf616a30965d2b795292da9d950180a5d3f0fba14b0efbe7
- SSDEEP: 24576:/w+uVptKNyhFk4EaKLDTBgQWpE5reR38E3xRKe:Y+uVptJXEaKLDT1GCreR39Ke
Static task: static1
Behavioral task: behavioral1
- Sample: Pw_External.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: Pw_External.exe
- Resource: win10v2004-20220901-en
Malware Config
Targets
- Target: Pw_External.exe
- Size: 1016KB
- MD5: b51bbbef95e592e828a96265e1f4a1a3
- SHA1: 8a5d42651cb0b31879b58c1fefdec63f7ca6a9d2
- SHA256: 7fb53defbc52a007babaadac3bb8371cca58c0c3ffdf74572bd60515ac0f2578
- SHA512: ff228a28377a0a6a2d13922ea9e3ec6370b81262987cd0e96502058a7950971e70fde4f7fec0f3d7cf616a30965d2b795292da9d950180a5d3f0fba14b0efbe7
- SSDEEP: 24576:/w+uVptKNyhFk4EaKLDTBgQWpE5reR38E3xRKe:Y+uVptJXEaKLDT1GCreR39Ke
Score: 10/10
- Detect Neshta payload
- Modifies system executable filetype association
- Neshta: malware from the Neshta family infects other files in order to spread itself and cause damage.
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory