General
- Target: 1553c72c054079021dafe5e75485d40a54190c0ef703c1f3cff2562f672dd083
- Size: 372KB
- Sample: 221125-wtgpcshb61
- MD5: 5b6ac5009f673f832cfe8d8c03d778d7
- SHA1: 8291a917109624de5d07613838726419debd2ec6
- SHA256: 1553c72c054079021dafe5e75485d40a54190c0ef703c1f3cff2562f672dd083
- SHA512: 3199749f96685c37a33e52b35c87ef612cd1d21dadf941b28b36397ec182abc2b24989132e891895dba93c5bf5338fc64959391bec72d4695b3caa1ccd6ecc59
- SSDEEP: 6144:c3zrxfCHUjFKAFy8vYMpZ2maXeeeCOQa/H6Jv4rsGS71HL/CBniKYTmQkVKFDGuG:+xqilFy8heeT/Qv4rDS7RL/+iKYyQz/G
Behavioral task: behavioral1
Sample: Monkey Island Crypter/Island.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: Monkey Island Crypter/Island.exe
Resource: win10v2004-20221111-en

Behavioral task: behavioral3
Sample: Monkey Island Crypter/Merged.exe
Resource: win7-20220901-en

Behavioral task: behavioral4
Sample: Monkey Island Crypter/Merged.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Target: Monkey Island Crypter/Island.exe
- Size: 88KB
- MD5: d9a9ea1c848793138f91e029122a3c64
- SHA1: 95b4c2d7c98948ce1773e90ec4740fe132e34350
- SHA256: da2aacbd755c284e1122aac8fd3ca5772cce04a13c5c62119770aa1cf3687d87
- SHA512: 73f290a45cfe68aba845297222ada09160fc607f0d1d6dfb0bebae9918295df4127a425a7ff70fa9c4c4ea49a4e430788f436cf7c234ea65bf828d2bb422f6cb
- SSDEEP: 768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJ1zOXhN2Mnsk2yg3fZ9+Rj3qDHLxdc0:JxqjQ+P04wsmJCmzOm9+Z3qDFS
Score: 10/10
- Modifies system executable filetype association
- Neshta: Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
- Executes dropped EXE
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
Target: Monkey Island Crypter/Merged.exe
- Size: 455KB
- MD5: 9b94fed379a1df2b83fdbef292a5c2ef
- SHA1: 6b6e18e90afaa434b7d8a5dbc27a187b71324180
- SHA256: f6adf8932350281f08f2357eb2ed14d2e2ace877b33f8e1d521c9ab04f227643
- SHA512: c5b4c1ab96ebebe32c9dd43a6832176b70ec0e3ee0c7cf6f78c55989e6be2648f21fa6b0af6db96e52b54c4fa7c1d86c65afc8c465e262496e5d7b731d349cdc
- SSDEEP: 12288:mU9sjjUzqAApXhTRhGgJpcmWnour2ub2IxyuK79+:pzKX9R8gJpcmqoDumuKI
Score: 10/10
- Detect Neshta payload
- Modifies system executable filetype association
- Neshta: Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
- Executes dropped EXE
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL