General
-
Target
821ac143dd07ba21d1a7546d2b386d6ae9a5472798a1311870d1608b880407a5
-
Size
563KB
-
Sample
221130-avsblaff4w
-
MD5
d7148e66f7d7d2f0be5d4a6edcc002d8
-
SHA1
1933aa95f827f27f0ae8cf9fd0790ab0d1050dc2
-
SHA256
821ac143dd07ba21d1a7546d2b386d6ae9a5472798a1311870d1608b880407a5
-
SHA512
e035439bedecf0a191939acf5778d9a2312a589b93ce666ca1f1aa57963005d53973bc59187e15e7055478656c87d583f03d92cdd3b23e61ad21288b1fb74f5c
-
SSDEEP
12288:isBRjSLvxZqWPo3jTza+YoH34kc9dtj5vHNHXoLLxfBGFP4J:i4iloja+Yp9dtj5vHNHMoJS
Behavioral task
behavioral1
Sample
821ac143dd07ba21d1a7546d2b386d6ae9a5472798a1311870d1608b880407a5.exe
Resource
win7-20220812-en
Malware Config
Extracted
sality
Targets
Detect Neshta payload
-
Modifies firewall policy service
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is a file infector: it inserts itself into other files in order to spread and cause damage.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-