General
-
Target
94956964d267c2391dd6799689b39054f320f8ff8b2f01c5985d63ffce910eb7
-
Size
1.6MB
-
Sample
221130-h3xv2sbg5v
-
MD5
172b508f760ff844fc31e44d761d289c
-
SHA1
a43ec1760b278bb434b6e61da41002d410a7aa5d
-
SHA256
94956964d267c2391dd6799689b39054f320f8ff8b2f01c5985d63ffce910eb7
-
SHA512
fbafbfa36796918ac64a4a5148ba5f14cc5536f2eb4ad052350420dc9b33ff457a15a21ba121accf463f62af7f6c37aceca70124df6c78f9401630c5daa15824
-
SSDEEP
24576:4t+wU3uLfA7l+yUx+tRnCbSQnn8P2ubdWlm4yol+3L3aaQtpE4RYCOs:I831l+yUGzQn22WD4kb8tOs
Static task
static1
Behavioral task
behavioral1
Sample
94956964d267c2391dd6799689b39054f320f8ff8b2f01c5985d63ffce910eb7.exe
Resource
win7-20221111-en
Malware Config
Targets
-
-
Target
94956964d267c2391dd6799689b39054f320f8ff8b2f01c5985d63ffce910eb7
-
Detect Neshta payload
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-