General
-
Target
f7c82635ca7d853d5a1cd59d1b539af1b0d4bb4580c5b3bcf2e1f35d03a388ec
-
Size
136KB
-
Sample
221129-jx5jdaah48
-
MD5
c6bfb172211360367053fbd5f65655de
-
SHA1
693449073331dacef7bc0ae97afd5da26a1f602e
-
SHA256
f7c82635ca7d853d5a1cd59d1b539af1b0d4bb4580c5b3bcf2e1f35d03a388ec
-
SHA512
a227c8952078c5a9faeed0e4fb9c7c832397585650d57591d8ce756457f39d417fda368205e04fbe2197ad8f40106d3a5b4c2b02f80790d0610819046ae22409
-
SSDEEP
1536:JxqjQ+P04wsmJCdHfqS+lPwXvOdaBYD4OKUcNz8GQGZT524ut/skr+dExmX8Wwb:sr85CdT+l4/KaBYDr9GX9w4whkExs8WW
Behavioral task
behavioral1
Sample
f7c82635ca7d853d5a1cd59d1b539af1b0d4bb4580c5b3bcf2e1f35d03a388ec.exe
Resource
win7-20221111-en
Malware Config
Extracted
sality
Targets
-
Detect Neshta payload
-
Modifies firewall policy service
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family infects other files to spread itself and cause damage.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-