General

Target: b9c417d03289754578824f61d7788c8e1967610d29c9a8a63a53fc22fa366805
Size: 392KB
Sample: 221125-w73traad3v
MD5: 5a1e2e8b2fca5a40ab426bd3f533b3f2
SHA1: 7f73f23a7b16aa3c8262d76fc30b1e514cfbe7de
SHA256: b9c417d03289754578824f61d7788c8e1967610d29c9a8a63a53fc22fa366805
SHA512: 514e32472eac1ebdf963136e1d80f249e4c097a4926e362697d005f3100add5afd7f76a4e1b59b321800eabe5ab42f0261b318939d5c3d63f60e4ed18fc9d9e2
SSDEEP: 6144:Pu++THBU7JnFjlJlQ8TM4r0zsaBuxtj/cjAOvP99qqDLuEnIorHSzhl6GkkakJL:9+TIvSGrOsaBuPcjwqnuqI7LaQL

Static task: static1
Behavioral task: behavioral1
Sample: b9c417d03289754578824f61d7788c8e1967610d29c9a8a63a53fc22fa366805.exe
Resource: win7-20220812-en

Malware Config
Extracted
sality
Targets
Target: b9c417d03289754578824f61d7788c8e1967610d29c9a8a63a53fc22fa366805

Modifies firewall policy service

Modifies system executable filetype association

Neshta
Malware from the Neshta family is designed to infect other files in order to spread and cause damage.

Executes dropped EXE

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Loads dropped DLL