General
Target: 781d0c8261c34c71edef1b6e6f1ddf8fe122857799fd5e4375a69bc2c5af01c2
Size: 200KB
Sample: 221202-r2sz5sbf7z
MD5: 46dfcadc84fb0c9fe11db532862d11c2
SHA1: 34f6a2904e5a846182fb814eeda8d5b626155ecb
SHA256: 781d0c8261c34c71edef1b6e6f1ddf8fe122857799fd5e4375a69bc2c5af01c2
SHA512: c8ad6538a32300c293b0ed131f3f269bbdede737fe4e9f24b909588ce681a30d6b17d0a4c6dbd245410cb44caeb08e2457b5d01ecca54c27272dbc7eb4592c91
SSDEEP: 3072:sr85CoxyVnojUWzawn3HRVysGCSgcyd7t9BrFr:k9oIV9WzaO3HDys3Bv19
Behavioral task
behavioral1
Sample: 781d0c8261c34c71edef1b6e6f1ddf8fe122857799fd5e4375a69bc2c5af01c2.exe
Resource: win7-20221111-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
- Modifies system executable filetype association
- Neshta: Malware from the Neshta family is a file infector that injects itself into other files in order to spread and cause damage.
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL