General
-
Target
9a49c739b0528015f5544faf8d646d0e32f40868f4b61becb5f6fcb7892f91db
-
Size
1.6MB
-
Sample
221119-ngmqvadc2x
-
MD5
447643ba5585ca6703920221de608b49
-
SHA1
bc6a562394b0f8c530ca12cd4628a227c7e76e98
-
SHA256
9a49c739b0528015f5544faf8d646d0e32f40868f4b61becb5f6fcb7892f91db
-
SHA512
993b12fa5ab9c43297a20cbed0db2e3b66342927fe32d1e07e9e03a6c9cae4741d5bff179bc88e7fc79a1fd76748f097a3c51bd4e009136c67d43dba6dd054e7
-
SSDEEP
24576:TOr9XYbYfcZ892tQ5tBBJiUebUbJ/tuZwlKd6BAcjF9RnwgqYkmslV18tHloN:TyXYbWU8tBLebOJ1uuKd6aC3q2slVCU
Behavioral task
behavioral1
Sample
9a49c739b0528015f5544faf8d646d0e32f40868f4b61becb5f6fcb7892f91db.exe
Resource
win7-20220901-en
Malware Config
Targets
-
Detect Neshta payload
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-