General
-
Target
загрузка.zip
-
Size
236KB
-
Sample
240719-nmj7xasbqe
-
MD5
38ccb6ca5020f9a82ea40348b3099614
-
SHA1
1d37498749181a19cb171b9813a51ae4cf288eba
-
SHA256
1ce80b2bb2a5f56573ca7b6f662accea56f4b9e0e3052ddec14fe03364c14dfe
-
SHA512
6b9623c146e4a355e1392e2f29df2b11022f4335726879b5decbfd64909abb41c3a2da7c5876bf2c1f1f43271b5da82b48feca7c6e121112400aa05960c2802d
-
SSDEEP
6144:4ViciKQmZ1w2MAW+WqJIsTxMnWJW0ChyuZ1fKg:4dKmZRnWo7MnW8Jb+g
Static task
static1
Behavioral task
behavioral1
Sample
Cryp_RAT.rtf
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Cryp_RAT.rtf
Resource
win10v2004-20240709-en
Malware Config
Extracted
C:\TdGeIqAUn.README.txt
lockbit
Targets
-
-
Target
Cryp_RAT.doc
-
Size
662KB
-
MD5
1fc2941b70df9dd6cdf4cb82af740fe9
-
SHA1
e5d18e3487ca2d5037215c0e0ebfaf7ccae1c655
-
SHA256
44b87df9f68f5a3084c7d80c1c7492ca5209e816a4e83fdbd6e2fcb6f1ff936f
-
SHA512
d5da156e406093bfd398d78a36962360ed6918d6b96e641843e7eeddbd6fe41c0a1681bf0a4fe9e31be22d7b1e16267e62abafc9c14d1dea223e72f3ef810081
-
SSDEEP
12288:6NtcndUa0XzmFe4lT+F4qZDGefM4qeF4C:6Oua0XzmFFI+7Z4VT
Score10/10-
Detect Neshta payload
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Renames multiple (318) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-