General
-
Target
1861ade663893cedf8c9bfbfbb397220dec8cbc0bf7773c4a042d0bab07d5f2a
-
Size
226KB
-
Sample
221202-r228tabf9z
-
MD5
26be89e7461f820c28e795f15875c400
-
SHA1
f2a7c70b98993aa889a7accc7fa8945238f11357
-
SHA256
1861ade663893cedf8c9bfbfbb397220dec8cbc0bf7773c4a042d0bab07d5f2a
-
SHA512
31793a5864b107f293f2496ec85221a39db013b917a074f8289f6cec69b8d44b0985ca8c50a0098c020ff8cbf36bc2ae1a827dfddd158592b47554c3f847d455
-
SSDEEP
6144:k9HbFePeusvLtNt+00ZSHgche6HR3kk0uX:8eHKBNt+xSpXx3kmX
Behavioral task
behavioral1
Sample
1861ade663893cedf8c9bfbfbb397220dec8cbc0bf7773c4a042d0bab07d5f2a.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
1861ade663893cedf8c9bfbfbb397220dec8cbc0bf7773c4a042d0bab07d5f2a.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
1861ade663893cedf8c9bfbfbb397220dec8cbc0bf7773c4a042d0bab07d5f2a
Score
10/10
-
Detect Neshta payload
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-