General
-
Target
AIDA.exe
-
Size
1.4MB
-
Sample
230526-m8a1pafb52
-
MD5
69eec47380f487567aac36cc35d50826
-
SHA1
8a983e57e7654527cd2827ece8f7d7c81175437e
-
SHA256
b8b827cd176b26afa22b83db2c598961d4f67b454ca87f72774066cf692dab37
-
SHA512
e1fc39f8cd9d41f5a30bd4dcb9b9e9953bb26dee553e84936441a38b15e19e2b93c6f4cb882420ccc722a112a314de2fdc08768cbfc65efbb943ac67c2413182
-
SSDEEP
24576:d4PbCGol1MBz4VrqabgBs/8KmXOoU5Ll7cZFT//yLQxoz4zKot2:ahWAUrqQg632T//Oz4zKR
Malware Config
Targets
-
Detect Neshta payload
-
Modifies security service
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-