General
- Target: 1360a433163123d6090024079d0e243df1ba90160033ac18bd957cf8e28f2c28
- Size: 644KB
- Sample: 221202-fhm41aef66
- MD5: 5ded28488039ac0caaef106470673dc5
- SHA1: 8423fe1a22ccafab69673be11a683b28fdec3f8a
- SHA256: 1360a433163123d6090024079d0e243df1ba90160033ac18bd957cf8e28f2c28
- SHA512: e6ae5ef0519960e64076f17036f23e2f955049ab90698f29f33d0fff9173e4fc0034002b5366f248306793b03c76593c11864fbfc4e8aa4171a2673dffdd6177
- SSDEEP: 3072:JGPFW5ncGtupKj61mG3mQztTcNOtOnX+HVktyqtWB9C26bX6+:qEnc4upKSmG3nTybnXKCt7IzC2i
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 1360a433163123d6090024079d0e243df1ba90160033ac18bd957cf8e28f2c28.exe
  - Resource: win7-20221111-en

Behavioral task
- behavioral2
  - Sample: 1360a433163123d6090024079d0e243df1ba90160033ac18bd957cf8e28f2c28.exe
  - Resource: win10v2004-20221111-en
Malware Config
Extracted
- Protocol: ftp
- Host: zadrot-css.do.am
- Port: 21
- Username: 8zadrot-css
- Password: qwerfake
Targets
Score: 10/10
- Detect Neshta payload
- Modifies system executable filetype association
- Neshta: Malware from the Neshta family infects other files to spread itself and cause damage.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.