General
-
Target
6a9cde7326dea45154943b90af92cf0a289b5590f3142efd39665bc300f5d3e7
-
Size
4.9MB
-
Sample
240621-2f8htashlh
-
MD5
8db303ff9a82f4dcef13e15ff47696bd
-
SHA1
3c21b59735acf8f0e56c6c668e579b657ac8aa39
-
SHA256
6a9cde7326dea45154943b90af92cf0a289b5590f3142efd39665bc300f5d3e7
-
SHA512
b0bf9a6e338223aa0f14e64251e09140cc3ee1508320acb257b9c2682e6f632df48a5d288ad0cd3922d151a60ad13f391a4454458c8e40c3d858f0720f8e8539
-
SSDEEP
49152:wnsHyjtk2MYC5GDT37+O+4RTrb/TyvO90d7HjmAFd4A64nsfJ5Wgf/ioNayWbnO6:wnsmtk2a74RJvuyCcX4cEA5Lc
Behavioral task
behavioral1
Sample
6a9cde7326dea45154943b90af92cf0a289b5590f3142efd39665bc300f5d3e7.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
6a9cde7326dea45154943b90af92cf0a289b5590f3142efd39665bc300f5d3e7.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Target
6a9cde7326dea45154943b90af92cf0a289b5590f3142efd39665bc300f5d3e7
Score
10/10
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Event Triggered Execution (1)
    Change Default File Association (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Event Triggered Execution (1)
    Change Default File Association (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)