General

  • Target

    Dekont_20220926983636 pdf.exe

  • Size

    107KB

  • Sample

    220927-l2tnsadbf2

  • MD5

    26e2091577b401910c90bf4226c5689e

  • SHA1

    c4e6893bfbed5810a5ad3568ed535b03ce7516bf

  • SHA256

    6602f1c5f952685a673f0b6e108ebdc960fe73c0451fc3a3a05f3323c8c23a5d

  • SHA512

    327c946223dc4510d3bff632d654bfb2032f531a022520e961268fde782787b4d802e514b80c79dccfe15ad6486e412b11722d7fbb16c2a145890bcf1e6b4fa5

  • SSDEEP

    192:/c/lrDtxfakO8nUzAS4W8X9oZdMpjBXwjXjfbi76WxLR5d6vUUoRe:/yrDthakO8UkKZdoqjXjfbi76YRN

Targets

    • Target

      Dekont_20220926983636 pdf.exe

    • Detect Neshta payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
