General
-
Target
kam.cmd
-
Size
6KB
-
Sample
240523-w8w3laca89
-
MD5
c32ba3b07c8f7fec2d3b665e6c7b721e
-
SHA1
b4b05b772cfa9350934afffc9dcd9dc97593978e
-
SHA256
320f6b10cd2c34a8bb6387e19f19746f84eeb95e6b5dcae97e7c78b47782ade9
-
SHA512
16e043dfbc62e16388a8c5557247dff151ee6458aa609dc83d71b8b99fb78d4483de4500c4487e40c3c194a6e96a0a839e07f7bba7bbd6ef1876b5f90fda9f64
-
SSDEEP
96:cQYS1jOk72delutVRuj9cGXDHwKx7l9VPl73Y1gyMc1jTCc9WGwqdyl7doL:Q1c2deeVwDTHtx7hPl73U91CsWGw1qL
Malware Config
Targets
-
-
Target
kam.cmd
-
Size
6KB
-
MD5
c32ba3b07c8f7fec2d3b665e6c7b721e
-
SHA1
b4b05b772cfa9350934afffc9dcd9dc97593978e
-
SHA256
320f6b10cd2c34a8bb6387e19f19746f84eeb95e6b5dcae97e7c78b47782ade9
-
SHA512
16e043dfbc62e16388a8c5557247dff151ee6458aa609dc83d71b8b99fb78d4483de4500c4487e40c3c194a6e96a0a839e07f7bba7bbd6ef1876b5f90fda9f64
-
SSDEEP
96:cQYS1jOk72delutVRuj9cGXDHwKx7l9VPl73Y1gyMc1jTCc9WGwqdyl7doL:Q1c2deeVwDTHtx7hPl73U91CsWGw1qL
Score10/10-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-