General
-
Target
9f14040a8875531ea00aa6f5aa90f218.bin
-
Size
62KB
-
Sample
230308-bxl32add53
-
MD5
3c8b18876cfa321bb537733a38d9e92e
-
SHA1
12fcc3ad5bca392c48f02391a87b467a3fa7afae
-
SHA256
c3e4454ed84f437e335a5173a57beef7b65da2671470dbf13624c1616c98216b
-
SHA512
e559ad10fd670759b8c62ae25f6a8c06c58cd3e7d798f96faddc20800868923b83ffe8bc5e18fb40154085953b6d2cce8715b5c1dcb04ce2bef93534a3486421
-
SSDEEP
1536:aqjj6SewqZ7c3v8SNEqkTYmf2wTX3/2FGXCp:aq6MENTYmftXv2FCCp
Behavioral task
behavioral1
Sample
b5475975e30be3c1ff6c97d148def1287dc3a0341d546198df85dbb66c1b6ffa.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
b5475975e30be3c1ff6c97d148def1287dc3a0341d546198df85dbb66c1b6ffa.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
C:\info.hta
http://www.w3.org/TR/html4/strict.dtd
Extracted
C:\info.hta
http://www.w3.org/TR/html4/strict.dtd
The URL the extractor pulled from info.hta is the HTML 4.01 Strict DTD identifier from the note's DOCTYPE declaration (the stray '> on the raw output is the end of that declaration), not a contact or payment address; do not treat it as a network indicator.
Targets
-
-
Target
b5475975e30be3c1ff6c97d148def1287dc3a0341d546198df85dbb66c1b6ffa.exe
-
Size
96KB
-
MD5
9f14040a8875531ea00aa6f5aa90f218
-
SHA1
caf2ae5b2b2d86e4cb52e03079c4ef82ed1c57d5
-
SHA256
b5475975e30be3c1ff6c97d148def1287dc3a0341d546198df85dbb66c1b6ffa
-
SHA512
b93dfcdb6cb903509255386201fd2c916f7fdaceb505fe73626f9bf71d8b2a6cb56c9e553dc0a9961eb8ff52172265c74510b26d2e0a7b1e82c687a637370817
-
SSDEEP
1536:JxqjQ+P04wsmJC7hVNtZHH9ANeRBl5PT/rx1mzwRMSTdLpJyM:sr85CFHWQRrmzwR5Jn
-
Detect Neshta payload
-
Neshta
Neshta is a file infector: it prepends its own code to executables it finds, so running any infected program spreads the infection further and corrupts the host file.
-
Modifies boot configuration data using bcdedit
Ransomware commonly runs bcdedit to disable Windows recovery and automatic boot repair so the victim cannot roll back after encryption.
-
Modifies Windows Firewall
Firewall changes are usually made through netsh; check the process tree for the exact command line before deciding whether rules were added or the firewall was switched off.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
Neshta is known to rewrite the exefile open command so that every .exe launch passes through its dropped svchost.com copy, which is how it re-infects on each run.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
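The signatures above are what the sandbox saw; the same behaviours can be matched in endpoint telemetry. The script below is an added example, not sandbox or vendor code: it runs a handful of rules over constructed Sysmon-style events (the command lines, registry data and paths are made up to resemble this kind of sample; the report itself names only the behaviours), and it also shows how to drop the DOCTYPE URL from the extracted config so it does not get shipped as an IOC.

```python
"""
Flag the behaviours listed in this report in a stream of endpoint telemetry.
Added example, not sandbox or vendor code: the event shapes, command lines and
registry values below are constructed to resemble what such a sample does;
the report itself only names the behaviours, not the exact commands.
"""
import re
from dataclasses import dataclass


@dataclass
class Event:
    kind: str    # "process" (command line), "registry" (key\value=data) or "file" (path written)
    detail: str


# Hosts that appear in DOCTYPE / XML namespace declarations. A config extractor that
# scrapes URLs from an HTA ransom note will pull these out; they are not C2.
BENIGN_REFERENCE_HOSTS = {"www.w3.org", "schemas.microsoft.com", "schemas.xmlsoap.org"}


def filter_extracted_urls(urls):
    """Strip markup residue and drop DTD/namespace references from an extracted URL list."""
    kept = []
    for url in urls:
        url = url.rstrip("'\">")                 # e.g. the trailing '> left on the report's URL
        m = re.match(r"https?://([^/\s]+)", url)
        if m and m.group(1).lower() in BENIGN_REFERENCE_HOSTS:
            continue
        kept.append(url)
    return kept


EXEFILE_DEFAULT = '"%1" %*'   # stock data of HKCR\exefile\shell\open\command

# (signature name as the report prints it, event kind, pattern over Event.detail)
RULES = [
    ("Modifies boot configuration data using bcdedit", "process",
     re.compile(r"\bbcdedit(\.exe)?\b.*\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b", re.I)),
    ("Modifies Windows Firewall", "process",
     re.compile(r"\bnetsh(\.exe)?\b.*\b(advfirewall|firewall)\b.*\b(set|add|delete)\b", re.I)),
    ("Adds Run key to start application", "registry",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\[^=]+=", re.I)),
    ("Drops startup file", "file",
     re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.I)),
]
# The exefile association needs a data check, not just a key match: only tampering counts.
EXEFILE_KEY = re.compile(r"\\exefile\\shell\\open\\command\\\(Default\)=(.*)$", re.I)


def triage(events):
    """Return the sorted list of report signatures that the events trigger."""
    hits = set()
    for ev in events:
        for name, kind, pat in RULES:
            if ev.kind == kind and pat.search(ev.detail):
                hits.add(name)
        if ev.kind == "registry":
            m = EXEFILE_KEY.search(ev.detail)
            # Restoring the stock data must not fire; anything else is a redirect of .exe launches.
            if m and m.group(1).strip() != EXEFILE_DEFAULT:
                hits.add("Modifies system executable filetype association")
    return sorted(hits)


# Constructed telemetry for the behaviours in the report (paths and value names are made up).
SAMPLE_EVENTS = [
    Event("process", r"bcdedit.exe /set {default} recoveryenabled no"),
    Event("process", r"bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"),
    Event("process", r"netsh advfirewall set currentprofile state off"),
    Event("registry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost=C:\Users\Public\svchost.exe"),
    # Constructed data modelled on Neshta's known redirection of .exe launches through svchost.com.
    Event("registry", r'HKCR\exefile\shell\open\command\(Default)=C:\Windows\svchost.com "%1" %*'),
    Event("file", r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\info.hta"),
    Event("file", r"C:\info.hta"),   # the note path the report extracted
]
EXTRACTED_URLS = ["http://www.w3.org/TR/html4/strict.dtd'>"]   # exactly as the report prints it

if __name__ == "__main__":
    for sig in triage(SAMPLE_EVENTS):
        print("HIT:", sig)
    print("real URL IOCs:", filter_extracted_urls(EXTRACTED_URLS))
```

Run stand-alone it reports five of the signatures from the list above and an empty IOC list; `C:\info.hta` itself does not satisfy the startup-folder rule, which is the point of matching the folder rather than the file name. The exefile rule compares the written data against the stock `"%1" %*` so that a cleanup tool restoring the default is not flagged as tampering.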