General

  • Target

    2024-05-25_e1d06e90de3a3ab6203fb32f6000b414_bad-rabbit_doublepulsar_eternalpetya_neshta_notpetya_petrwrap_petya

  • Size

    394KB

  • MD5

    e1d06e90de3a3ab6203fb32f6000b414

  • SHA1

    e616d5022b521eed61299ad17837a29487e92edb

  • SHA256

    efe40ffa7aedbbe1644bc4fce61426ed59594743beac2a1da50820ab0d598987

  • SHA512

    169bba8b1c6cf1ba7f89f7a13bfce134c681115056524a875d781064430e087e64c6db8d488397b048d787d9a5843b6692af4bd4102ee2c071a04a3a58bca778

  • SSDEEP

    12288:2NTS/x9jNG+w+9OqFoK323qdQYKU34/X8:WTS/x9jNg+95vdQaMX8

Score
10/10

Signatures

  • Detect Neshta payload (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Neshta family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2024-05-25_e1d06e90de3a3ab6203fb32f6000b414_bad-rabbit_doublepulsar_eternalpetya_neshta_notpetya_petrwrap_petya
    .exe windows:4 windows x86 arch:x86

