General
Target: 3890b8381d0097b70797e484f40d0df3.exe
Size: 5.4MB
Sample: 230807-qph4qsfe32
MD5: 3890b8381d0097b70797e484f40d0df3
SHA1: 43f2196a11285902cab38264f64a0fd545161b44
SHA256: dfea487c68b65aafc445658ea66473de74997a46a9ebf5b0123d1031a2432305
SHA512: f3091690ce65f294b298014dbd4ee8e46f2de302d9aff3ba75c3caf801378debd840b65534f8a8edad58d72a92eb1119379f628e7bff86d63a738b79a945b722
SSDEEP: 98304:U98aK6oZt3D1RkS5OS0yionLTKnVhoDXDDm4O5DBur00H6qfe:yrK6oLD1GN3Xo6sDX3lUlY0Y6qfe
Behavioral task: behavioral1
Sample: 3890b8381d0097b70797e484f40d0df3.exe
Resource: win7-20230712-en
Malware Config
Targets
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Modifies Windows Firewall
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Change Default File Association (1)