General
-
Target
2023-02-08_918a5b890f6b160d75030ca89cc5117b_neshta_revil_sodinokibi.exe
-
Size
307KB
-
Sample
230209-rx1t7afg55
-
MD5
918a5b890f6b160d75030ca89cc5117b
-
SHA1
be0bfac0f56a1e1ce05e49d006d9c7f694983aff
-
SHA256
7b0673e022585bf4aa208b1e3d215549842fabe78dfeaf9ae0a074a6c05c07fd
-
SHA512
a74ea605b7e79ca092db88569ad8b6e2f65da01077efea1defdeb9bedfaf00a05508d7a7ef6cd135e76f255388b0cb1db95aa8ca679143eccebcc1490e8e8afc
-
SSDEEP
6144:k9eS63VE6F/M4qE15NENn4F1zZeFHi2WGP4rKcO66HKwYmI:p5RqE1Ta4FJQFfWpK7HKZF
Behavioral task
behavioral1
Sample
2023-02-08_918a5b890f6b160d75030ca89cc5117b_neshta_revil_sodinokibi.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
2023-02-08_918a5b890f6b160d75030ca89cc5117b_neshta_revil_sodinokibi.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
2023-02-08_918a5b890f6b160d75030ca89cc5117b_neshta_revil_sodinokibi.exe
-
Score
10/10
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-