General
Target: sample
Size: 20KB
Sample: 240521-ycbswsgd2z
MD5: a8fc55b6ee3c9fcd65a8a64ae485ffa6
SHA1: afd0a49b3dfa925d42b4bc89b9812b5f259b3cb6
SHA256: e0bba21b77d1a61024dc6d38aae6306df0368abadcd6333a6d73edf4ccb2a267
SHA512: 400f27f5892db8bc2308868673160823f256577e8f4ed6a6fb1bed24b7b37853e0ad937ab2ae16b12f49e24c2fc1d7e530c0600ba9aa96dcd6ce188eafbf0734
SSDEEP: 384:rvUDDpmReVoOs4Di9ylKeGMJU8HhhbFNELZ77o2paWhOwob06+XIJCgMmV6:rvUDBVoOs4DmyI1MdBhbLc6WhOwob0wg
Static task: static1
Behavioral task: behavioral1
  Sample: sample.html
  Resource: win10v2004-20240426-en
Malware Config
Targets
Target: sample
Size: 20KB
MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the General section above (same file)
Score: 10/10

Signatures:
- Detect Neshta payload
- Modifies WinLogon for persistence
- Neshta
  Neshta is a file-infecting virus: it inserts its own code into other executable files, so running any infected program spreads the infection further, and the infected files are damaged in the process.
- Executes dropped EXE
- Modifies system executable filetype association
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system: code placed in the boot sector runs at power-on, before the OS loader and before any host-based security controls are active.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1
  Event Triggered Execution (T1546): 1
    Change Default File Association (T1546.001): 1
  Pre-OS Boot (T1542): 1
    Bootkit (T1542.003): 1
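The signatures above (Winlogon modification, Run key, executable file-association change, MBR write) and their ATT&CK tallies are behavioral heuristics over the sandbox's event trace. The following is an added example of how such a tally is derived, written for this page and not the sandbox's own detection code. The event tuples, the registry paths with their data, and the file name `dropped.exe` are constructed for illustration; the technique IDs are the ATT&CK Enterprise IDs for the techniques listed in the report.

```python
import re
from dataclasses import dataclass

# Constructed sandbox-style events for this example (not taken from the report).
# RegSetValue: (kind, key, value_name, data)   WriteFile: (kind, path, offset, length)
EVENTS = [
    ("RegSetValue", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "Userinit", r"C:\Windows\system32\userinit.exe,C:\Windows\dropped.exe"),
    ("RegSetValue", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "updater", r"C:\Users\admin\AppData\Roaming\dropped.exe"),
    ("RegSetValue", r"HKLM\SOFTWARE\Classes\exefile\shell\open\command",
     "", r'"C:\Windows\dropped.exe" "%1" %*'),
    ("RegSetValue", r"HKLM\SOFTWARE\Classes\exefile\shell\open\command",
     "", r'"%1" %*'),                                   # Windows default: must not fire
    ("WriteFile", r"\\.\PhysicalDrive0", 0, 512),        # sector 0 of the boot disk: the MBR
    ("WriteFile", r"C:\Users\admin\Desktop\notes.txt", 0, 512),  # ordinary file: must not fire
]

WINLOGON_KEY = re.compile(r"\\Windows NT\\CurrentVersion\\Winlogon$", re.I)
# Stock values on a clean install; any other data means a helper was hijacked.
WINLOGON_DEFAULTS = {"shell": "explorer.exe",
                     "userinit": r"c:\windows\system32\userinit.exe,"}
RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)$", re.I)
EXEFILE_KEY = re.compile(r"\\Classes\\exefile\\shell\\open\\command$", re.I)
EXEFILE_DEFAULT = '"%1" %*'          # what Windows uses to launch any .exe
PHYSICAL_DRIVE = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.I)
MBR_SIZE = 512                       # the MBR is the first 512-byte sector


@dataclass(frozen=True)
class Finding:
    signature: str   # wording used by the report's signature list
    technique: str   # ATT&CK technique ID
    detail: str


def analyze(events):
    """Walk the event trace and emit one Finding per matching persistence action."""
    findings = []
    for ev in events:
        kind = ev[0]
        if kind == "RegSetValue":
            _, key, name, data = ev
            if (WINLOGON_KEY.search(key) and name.lower() in WINLOGON_DEFAULTS
                    and data.strip().lower() != WINLOGON_DEFAULTS[name.lower()]):
                findings.append(Finding("Modifies WinLogon for persistence",
                                        "T1547.004", f"{name} = {data}"))
            elif RUN_KEY.search(key):
                findings.append(Finding("Adds Run key to start application",
                                        "T1547.001", f"{key}\\{name} = {data}"))
            elif EXEFILE_KEY.search(key) and data.strip() != EXEFILE_DEFAULT:
                findings.append(Finding("Modifies system executable filetype association",
                                        "T1546.001", data))
        elif kind == "WriteFile":
            _, path, offset, length = ev
            # A raw write overlapping the first sector of a physical disk rewrites the MBR.
            if PHYSICAL_DRIVE.match(path) and offset < MBR_SIZE:
                findings.append(Finding("Writes to the Master Boot Record (MBR)",
                                        "T1542.003", f"{path} offset={offset} len={length}"))
    return findings


def attack_summary(findings):
    """Count findings per technique ID, the way the report's ATT&CK section tallies them."""
    counts = {}
    for f in findings:
        counts[f.technique] = counts.get(f.technique, 0) + 1
    return counts


if __name__ == "__main__":
    for f in analyze(EVENTS):
        print(f"[{f.technique}] {f.signature}: {f.detail}")
    print(attack_summary(analyze(EVENTS)))
```

The two negative events (the stock exefile command and a write to a normal file) are there because the interesting part of a signature is its false-positive boundary: the Winlogon and exefile rules compare against the known clean default rather than firing on any write, and the MBR rule keys on the device path plus sector offset rather than on `WriteFile` alone.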