General

  • Target

    827d17ea8908eee608affcbf9a41a4a8.bin

  • Size

    1.2MB

  • Sample

    240621-dhvsqs1bjj

  • MD5

    827d17ea8908eee608affcbf9a41a4a8

  • SHA1

    082df822af7674e9851f707a11eb948d9dd3107b

  • SHA256

    12afbeae36c86ffa1781c6faac9cd3b460fe5835c55b901e7ec28e39df418d5e

  • SHA512

    71d6039b72fb1c31f47233d8706fc846da76016f8f99bf550b9933add346e4f6847ae2f9d26dd0ebbde5beb2ad1d4690e1b29a2761fd2232345f9657cb89722e

  • SSDEEP

    24576:0AHnh+eWsN3skA4RV1Hom2KXMmHaoXBKqF3Qb11YDO1Qo95:Dh+ZkldoPK8YaokqFWoDn6

Targets

    • Neshta

      Malware in the Neshta family infects other executable files in order to spread and cause damage.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Event Triggered Execution: T1546 (1)

    • Change Default File Association: T1546.001 (1)

Privilege Escalation

  • Event Triggered Execution: T1546 (1)

    • Change Default File Association: T1546.001 (1)

Defense Evasion

  • Modify Registry: T1112 (1)
