General
Target: aaaa.exe
Size: 3.3MB
Sample: 230916-vdyr9seg59
MD5: b6a18b64ba64922793c6849464a26332
SHA1: 883da851ff68f948ab237679e0df43561bab0a18
SHA256: 073d21d343ad5ea56b3a94e49a1a4e7c1ecb3c4a3e4aae167cd30d22b794ca6c
SHA512: e8c0204eb07cd66960e3648435570afa63a5e7654d19092d89213e151ef8cddce3d333c8244bf60f3710e26507d333e0bf6b34d8f5aff3f90d237b9df61675d3
SSDEEP: 98304:P9qUaXiv7NMhB0qCp1KOU/Yqd0AuU0wA:P9Cy2hBOcgqd0G
Static task: static1
Behavioral task: behavioral1
Sample: aaaa.exe
Resource: win10v2004-20230915-en
Malware Config
Targets
Target: aaaa.exe (3.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10
Detect Neshta payload
Neshta
Neshta is a file-infecting virus: it prepends its own body to .exe files it finds on the system, so that launching an infected program runs the virus first; the virus then drops and executes the original program and goes on infecting further executables. The "payload" detection means the sample carries the Neshta infector body.
Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence (run only in, or only outside, certain locales).
Executes dropped EXE
Consistent with Neshta writing the original host program to disk and running it so the victim sees the expected behaviour.
Modifies system executable filetype association
Rewrites the default .exe handler, HKCR\exefile\shell\open\command, so that every executable launched through the shell runs the malware first. This is Neshta's primary persistence mechanism: it copies itself to %WINDIR%\svchost.com and points this key at that copy (ATT&CK T1546.001, Change Default File Association).
Obfuscated with Agile.Net obfuscator
Detects the Agile.NET commercial .NET obfuscator, which renames types, methods and fields and obfuscates control flow. Seen next to the Neshta detection, this is consistent with a Neshta-infected file whose original host is an Agile.NET-protected .NET program; the report does not separate the two components, so the host should be carved and analysed on its own.
Adds Run key to start application
Creates a value under a ...\Software\Microsoft\Windows\CurrentVersion\Run key so the program is started at logon (ATT&CK T1547.001, Registry Run Keys / Startup Folder).
Suspicious use of SetThreadContext
Setting the context of another thread is the usual final step of process hollowing and related injection techniques; the report does not say what was written into which process, so treat this as a lead for memory forensics on the behavioral run rather than a confirmed injection.
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 1
Registry Run Keys / Startup Folder (T1547.001): 1
Event Triggered Execution (T1546): 1
Change Default File Association (T1546.001): 1
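The two persistence techniques the report maps to ATT&CK (T1546.001 via the .exe file association, T1547.001 via a Run key) can be checked on a suspect host from a plain registry export. The script below is an added example; it is not part of the sandbox report and was not produced by its tooling. It parses a text .reg export (a constructed sample is embedded) instead of touching a live registry, flags any HKCR\exefile\shell\open\command value other than the stock `"%1" %*`, and lists Run-key entries that point into user-writable directories. The value names and paths in the sample are constructed; the svchost.com handler is the path Neshta is known to install, which the report itself does not state.

```python
"""Triage check for a hijacked .exe handler (T1546.001) and Run-key autostarts
(T1547.001) from a Windows .reg export.  Added example, not sandbox output."""
import re
from typing import Dict, List, NamedTuple

# Stock value of the .exe handler on a clean Windows install.
CLEAN_EXEFILE_COMMAND = '"%1" %*'
EXEFILE_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
)
# Heuristic only: autoruns pointing into user-writable directories deserve a
# look, but legitimate per-user software (OneDrive, Teams) lives there too,
# so every hit still needs a signature or hash check before it is called bad.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Public)\\", re.IGNORECASE)

# Constructed .reg export for illustration; not taken from the sandbox run.
# The svchost.com handler mirrors Neshta's documented hijack of this key.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\Windows\\svchost.com \"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"
"aaaa"="C:\\Users\\user\\AppData\\Roaming\\aaaa.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VMwareTools"="C:\\Program Files\\VMware\\VMware Tools\\vmtoolsd.exe"
'''


class Finding(NamedTuple):
    technique: str
    key: str
    name: str   # "@" denotes the key's default value
    value: str


_KEY_RE = re.compile(r"^\[(.+)\]$")
# Matches  "name"="value"  or  @="value"  (REG_SZ only; dword/hex lines are skipped).
_VAL_RE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")="((?:[^"\\]|\\.)*)"$')


def _unescape(s: str) -> str:
    # .reg escapes backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path_lowercased: {value_name: value}} for REG_SZ values.
    Key paths are lowercased because registry key names are case-insensitive."""
    keys: Dict[str, Dict[str, str]] = {}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = _VAL_RE.match(line)
        if m and current:
            name = "@" if m.group(1) is None else _unescape(m.group(1))
            keys[current][name] = _unescape(m.group(2))
    return keys


def check(reg: Dict[str, Dict[str, str]]) -> List[Finding]:
    """Flag a non-stock .exe handler and Run entries in user-writable paths."""
    findings: List[Finding] = []
    cmd = reg.get(EXEFILE_KEY.lower(), {}).get("@")
    if cmd is not None and cmd.strip() != CLEAN_EXEFILE_COMMAND:
        findings.append(Finding("T1546.001", EXEFILE_KEY, "@", cmd))
    for key in RUN_KEYS:
        for name, value in reg.get(key.lower(), {}).items():
            if USER_WRITABLE.search(value):
                findings.append(Finding("T1547.001", key, name, value))
    return findings


def scan_text(text: str) -> List[Finding]:
    return check(parse_reg(text))


def scan_file(path: str) -> List[Finding]:
    # reg.exe export writes UTF-16LE with a BOM; the 'utf-16' codec honours it.
    with open(path, encoding="utf-16") as fh:
        return scan_text(fh.read())


if __name__ == "__main__":
    for f in scan_text(SAMPLE_REG):
        print(f"{f.technique}  {f.key}\\{f.name} = {f.value}")
```

On a live host, `reg export HKCR\exefile\shell\open\command exefile.reg` and `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` produce exports that `scan_file` reads directly. In the constructed sample the OneDrive entry is flagged alongside the dropped aaaa.exe, which is the point of the caveat in the code: the Run-key heuristic yields leads, not verdicts, and the .exe-handler check is the one that is unambiguous, since nothing legitimate rewrites that value.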