General

  • Target

    kam.cmd

  • Size

    6KB

  • Sample

    240523-wn795abc74

  • MD5

    c7b720a0f6bffebe027826a2508c52dc

  • SHA1

    41b21cdcd0afd9363d1c79202d687c65fc6128b4

  • SHA256

    c67dbe7d1bfb36fcab8391ea0728382445c106fb08ad19f9a3fb3777cdef5562

  • SHA512

    4e519b29716116807d312aa87453f57eca6893dc84fb4a761ac569c240b5ef617854f6f14a1bcac00ebf9e142ecb0d9d437d48a3542f5cae5bf6d09e5050c199

  • SSDEEP

    96:549QmKe2Eb8DxZzthv2iDf8r0dMxmr8BhG+ZmrJ2iCzs:5Le2BYPSE5dlzs

Targets

    • Target

      kam.cmd

    • Neshta

      Neshta is a file-infector family: it writes its own body into other executables so that they carry and spread the infection, and it registers itself as the handler for .exe files so that it runs every time a program is launched.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell is launched with a hidden console window (the -WindowStyle Hidden switch), so nothing is shown to the user while the script runs.

    • Loads dropped DLL

    • Modifies system executable filetype association

      The default handler for .exe files (HKCR\exefile\shell\open\command) is replaced, so every program launch first runs the malware. This is the persistence mechanism associated with Neshta.

    • Suspicious use of NtCreateThreadExHideFromDebugger

      A thread is created with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER, so an attached debugger receives no events for it (anti-debugging).

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      ThreadHideFromDebugger is set via NtSetInformationThread; exceptions raised in that thread are no longer delivered to an attached debugger, so breakpoints in it terminate the process instead of breaking (anti-debugging).

    • Suspicious use of SetThreadContext

      SetThreadContext is the usual way to redirect a suspended thread's execution after writing code into another process (process hollowing or thread hijacking); seeing it outside a debugger is a strong injection indicator.
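The checks a responder would run against the indicators above, as an added example that is not part of the sandbox report: matching a file against the report's MD5/SHA1/SHA256 values, classifying the .exe association handler the way the "Modifies system executable filetype association" signature does (the svchost.com handler name is Neshta's widely documented persistence path, not something this report states), and flagging PowerShell command lines that hide their window. Function names and all sample inputs are constructed for the example; the registry value is passed in as a string so the logic runs offline on any platform.

```python
r"""
Host-side triage helpers for the behaviours listed in this report:
  - match a file's MD5/SHA1/SHA256 against the report's hash IOCs
  - check whether the .exe file association (HKCR\exefile\shell\open\command)
    has been rewritten, as Neshta does, to route every .exe launch through
    its own copy (classically %WINDIR%\svchost.com)
  - flag PowerShell command lines that hide their window
All sample inputs are constructed for the example; the hash values are the
ones printed in the report above.
"""
import hashlib
import re
from pathlib import PureWindowsPath

IOC_HASHES = {
    "md5": "c7b720a0f6bffebe027826a2508c52dc",
    "sha1": "41b21cdcd0afd9363d1c79202d687c65fc6128b4",
    "sha256": "c67dbe7d1bfb36fcab8391ea0728382445c106fb08ad19f9a3fb3777cdef5562",
}


def file_hashes(data: bytes) -> dict:
    """Return MD5/SHA1/SHA256 hex digests of the given file contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_iocs(data: bytes) -> set:
    """Names of the IOC hashes (md5/sha1/sha256) that this content matches."""
    digests = file_hashes(data)
    return {algo for algo, value in IOC_HASHES.items() if digests[algo] == value}


# Clean Windows default for exefile\shell\open\command is:  "%1" %*
_CLEAN_EXEFILE_CMD = re.compile(r'^"?%1"?(\s+%\*)?\s*$')


def check_exefile_association(command: str) -> dict:
    """Classify the (Default) value of HKCR\\exefile\\shell\\open\\command."""
    command = command.strip()
    if _CLEAN_EXEFILE_CMD.match(command):
        return {"hijacked": False, "reason": "default handler"}
    # Anything else runs an extra binary before the real target. Neshta's
    # known handler is %WINDIR%\svchost.com "%1" %*  (svchost.COM, not .exe).
    if "svchost.com" in command.lower():
        return {"hijacked": True, "reason": "Neshta-style svchost.com handler"}
    return {"hijacked": True, "reason": "non-default handler: " + command}


_POWERSHELL_NAMES = {"powershell", "powershell.exe", "pwsh", "pwsh.exe"}


def is_hidden_powershell(cmdline: str) -> bool:
    """True if a PowerShell command line asks for a hidden window.

    powershell.exe accepts any unambiguous prefix of -WindowStyle (-w, -win,
    ...), and the value is case-insensitive, so "-W Hidden", "-w hidden" and
    "-WindowStyle HIDDEN" all count.
    """
    tokens = cmdline.split()
    if not tokens:
        return False
    exe = PureWindowsPath(tokens[0].strip('"')).name.lower()
    if exe not in _POWERSHELL_NAMES:
        return False
    for i, tok in enumerate(tokens[1:-1], start=1):
        if len(tok) > 1 and tok[0] in "-/" and "windowstyle".startswith(tok[1:].lower()):
            if tokens[i + 1].strip("\"'").lower() == "hidden":
                return True
    return False


if __name__ == "__main__":
    sample = b"@echo off\r\n"  # constructed stand-in, not the real kam.cmd
    print("IOC hash matches:", matching_iocs(sample) or "none")
    print(check_exefile_association(r'"C:\Windows\svchost.com" "%1" %*'))
    print(is_hidden_powershell(
        "powershell.exe -NoP -W Hidden -Exec Bypass -File C:\\Users\\Public\\x.ps1"))
```

On a live Windows host the association value comes from `reg query HKCR\exefile\shell\open\command /ve`; the hash check should be run on the on-disk file that the sandbox executed, since the .cmd stage and the payload it drops will hash differently.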

MITRE ATT&CK Enterprise v15
