General
-
Target
6b65d16819c11909c173bc739400e51b_JaffaCakes118
-
Size
6.4MB
-
Sample
240724-na1dcswfnb
-
MD5
6b65d16819c11909c173bc739400e51b
-
SHA1
f5e07e441b1e09134a7bb86181794257a84f5da9
-
SHA256
dff7f1c7e54ab1435f0a6fcfca94f41f13366eceef5075de882a9aa26480bb04
-
SHA512
f3bee6239304819d1a896b4aa032f01d37aad0dcf6f287aab337b54109751397a6b8eb8e8249fa0a12fb6729c4f78dc58cb8267f41e0b976c3124d24a6952574
-
SSDEEP
98304:arPpaGIqh8wOlPoF9P/3FRgWtrB6tgF/Hmvj/b1yJcmPlJCrJYi749QbdRhFRRLw:aIByF1PgdtgF/Hmvl9mLCWgGQbzhdUyk
Behavioral task
behavioral1
Sample
VHE/Valve Hammer Editor/UNWISE.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
VHE/Valve Hammer Editor/UNWISE.exe
Resource
win10v2004-20240704-en
Behavioral task
behavioral3
Sample
VHE/Valve Hammer Editor/ZHTL/CCXX32.dll
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
VHE/Valve Hammer Editor/ZHTL/CCXX32.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
VHE/Valve Hammer Editor/ZHTL/ZHLTIntro.html
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
VHE/Valve Hammer Editor/ZHTL/ZHLTIntro.html
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
VHE/Valve Hammer Editor/ZHTL/ZHLTProblems.html
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
VHE/Valve Hammer Editor/ZHTL/ZHLTProblems.html
Resource
win10v2004-20240709-en
Behavioral task
behavioral9
Sample
VHE/Valve Hammer Editor/ZHTL/ZHLTReference.html
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
VHE/Valve Hammer Editor/ZHTL/ZHLTReference.html
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
VHE/Valve Hammer Editor/ZHTL/ZonersHalflifeTools.html
Resource
win7-20240705-en
Behavioral task
behavioral12
Sample
VHE/Valve Hammer Editor/ZHTL/ZonersHalflifeTools.html
Resource
win10v2004-20240709-en
Behavioral task
behavioral13
Sample
VHE/Valve Hammer Editor/ZHTL/hlbsp.exe
Resource
win7-20240705-en
Behavioral task
behavioral14
Sample
VHE/Valve Hammer Editor/ZHTL/hlbsp.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral15
Sample
VHE/Valve Hammer Editor/ZHTL/hlcsg.exe
Resource
win7-20240704-en
Behavioral task
behavioral16
Sample
VHE/Valve Hammer Editor/ZHTL/hlcsg.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral17
Sample
VHE/Valve Hammer Editor/ZHTL/hlrad.exe
Resource
win7-20240704-en
Behavioral task
behavioral18
Sample
VHE/Valve Hammer Editor/ZHTL/hlrad.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral19
Sample
VHE/Valve Hammer Editor/ZHTL/hlvis.exe
Resource
win7-20240704-en
Behavioral task
behavioral20
Sample
VHE/Valve Hammer Editor/ZHTL/hlvis.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral21
Sample
VHE/Valve Hammer Editor/ZHTL/instructions.html
Resource
win7-20240705-en
Behavioral task
behavioral22
Sample
VHE/Valve Hammer Editor/ZHTL/instructions.html
Resource
win10v2004-20240709-en
Behavioral task
behavioral23
Sample
VHE/Valve Hammer Editor/ZHTL/netvis.exe
Resource
win7-20240705-en
Behavioral task
behavioral24
Sample
VHE/Valve Hammer Editor/ZHTL/netvis.exe
Resource
win10v2004-20240704-en
Behavioral task
behavioral25
Sample
VHE/Valve Hammer Editor/ZHTL/netvis.html
Resource
win7-20240704-en
Behavioral task
behavioral26
Sample
VHE/Valve Hammer Editor/ZHTL/netvis.html
Resource
win10v2004-20240709-en
Behavioral task
behavioral27
Sample
VHE/Valve Hammer Editor/ZHTL/numberbrush.pl
Resource
win7-20240704-en
Behavioral task
behavioral28
Sample
VHE/Valve Hammer Editor/ZHTL/numberbrush.pl
Resource
win10v2004-20240709-en
Behavioral task
behavioral29
Sample
VHE/Valve Hammer Editor/ZHTL/ripent.exe
Resource
win7-20240705-en
Behavioral task
behavioral30
Sample
VHE/Valve Hammer Editor/ZHTL/ripent.exe
Resource
win10v2004-20240704-en
Behavioral task
behavioral31
Sample
VHE/Valve Hammer Editor/ZHTL/ru.bat
Resource
win7-20240705-en
Behavioral task
behavioral32
Sample
VHE/Valve Hammer Editor/ZHTL/ru.bat
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
VHE/Valve Hammer Editor/UNWISE.EXE
-
Size
201KB
-
MD5
c27234be4b7317b9fb346aeb673604c4
-
SHA1
fc0ebd6d39c3077a3425dfa5095359e24cd90ad0
-
SHA256
fc5425db28df7d0bd1216cc8227fb0c42fe643c7952b1a14b230d084ad74d34e
-
SHA512
23dc6b3a434e0eb9b9324cc67f2fa771a33d4c55fc57dde175c6d513bf07ca83ff2b3c6858be096e36624737974962e696f45fcb67105e2e5b3d63ed352724a8
-
SSDEEP
1536:JxqjQ+P04wsmJC5iAuSifjPRcU27+YoFnWtoXLJYHAUso4emQiBW4K:sr85C5iAsF27+YoFnWyJYHAUv4eViA4K
Score 10/10
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family infects other files in order to spread and cause damage.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
-
-
Target
VHE/Valve Hammer Editor/ZHTL/CCXX32.dll
-
Size
76KB
-
MD5
8cd2717b45e837b9f23809b8dacd0426
-
SHA1
0e58aa0e1b185163046b5a90601589ffd55f5259
-
SHA256
df2df1fcc55aecec20d3fd0ae77d9881f25f3b27b6e723b593385a45070bd064
-
SHA512
4c9c5e8486992b9ff7b747842016054850b2590c4674281c2e0ca05b04ce6a9fe1b4aa7b0de9a6dae1ad62eca86cfee0dabbfe7896b2482cb20e14185be152dd
-
SSDEEP
1536:f9TZ3/WLhuujC8VP08LT6gsdtlW/ldqWTXqJ:1Tt/+4uu8VP08xsdubqeXq
Score 3/10
-
-
Target
VHE/Valve Hammer Editor/ZHTL/ZHLTIntro.html
-
Size
3KB
-
MD5
c2d718a36af106f382704a21c4da9c6a
-
SHA1
c40e3c8401aa9ef833146ca8a4091320c314b139
-
SHA256
10344c85287505a062cbf6c0d5eb36ce804936a4c3cb22576b1dc37bf9e30880
-
SHA512
71fb7842b6ea1accf7354780d646d577d490cf7138cf4a70342bbcfa780b0022e9cc8e46e8f13097e4510fec93cfce6ee1f126fb62576fe2cdf5dabe4f339d79
Score 3/10
-
-
Target
VHE/Valve Hammer Editor/ZHTL/ZHLTProblems.html
-
Size
13KB
-
MD5
d3f721c1a7b969990758029c2217b97a
-
SHA1
d4d52105ad15b2b74b4205f1a64333da0dcaf5d0
-
SHA256
b2d69e8bfbaa42951ee2be377b417c89fbff47371af6c36be0c56470de673f38
-
SHA512
1de0e0e87f32333d899604b07d982b369e35e581060058e5b991ba39b5f341658520a2396db84b590805bf456dd362954c260b728f07e3a402f39a0e4120099f
-
SSDEEP
384:n9CTc5kF67bRKgrWznupNZrv/I9JZo7j8F:nvk4Rlr0uvZDd8F
Score 3/10
-
-
Target
VHE/Valve Hammer Editor/ZHTL/ZHLTReference.html
-
Size
23KB
-
MD5
ae2a0f297228e2a7351e326cfe984f6f
-
SHA1
b19ad1ee59c8d00afc854f71893bac17caeab98f
-
SHA256
be90de60315eb6abb9eecef345cf100a4e5e53fa59f171efa9e7c8bf040ec9a1
-
SHA512
68982d6a67de0897997ae28371ec74d2427fd4eb980fa06b75c2fd5fc609df5ad2f8b5b183b4af85810560b4e6ff5acefc818ef50a762222255754b4ee094768
-
SSDEEP
192:KT0I7x3NCqfMYdI3oX12okJyjzqv/EpD0oOPVEX3JjTgQpmGVGhcarNs4HTTgQKx:Ivy5uIO17MEV0LeZ0akfcQ52fD
Score 3/10
-
-
Target
VHE/Valve Hammer Editor/ZHTL/ZonersHalflifeTools.html
-
Size
48KB
-
MD5
80680dd58eb4672c10176443bddf20d7
-
SHA1
7dbdb38e2b55184ce006145db5f2edfe890f3e71
-
SHA256
c9f460e770f6983a91e48fd3f33a998f6ad1ff0ee0e9d34bcf815d5d8a4a3c9c
-
SHA512
87d27fa0975f5dbb550379d8f7d4af6f04e27ae93d5ee2a66bcb5dfb9c441013d0ba8b66780b69c2208b336baf90a47eb6d93c221b031f45499871c4ec775a3d
-
SSDEEP
768:oh18mKFt8rsP/F4EZZmlVABvmYLSKJ4gD4tHwev2qexyzEfsrI:oh18mKFt8rsP/F46mlVhYLSKqgDSSffz
Score 3/10
-
-
Target
VHE/Valve Hammer Editor/ZHTL/hlbsp.exe
-
Size
196KB
-
MD5
0cbd5ef39d80a9c48d54edf57f9c02d6
-
SHA1
2a86fee2964add2534e0bf99e9f28877a9e75954
-
SHA256
99085ecc4293969ce59384c54514088123939265722d9ea74b8fbad44c459345
-
SHA512
3713b5166b745df8bf3cba17c19487f0781e5cddad00a1932bac024c4d433344c185dd7c252793d53c0da1c065eb5e494bd22ddfc00bf0e3b300b67c5cb9eb35
-
SSDEEP
3072:sr85CCrcTiVJrhm+l2DKUpB0O44O83LbvwXIjq:k9HTchL0pKSZ3LbvwV
Score 10/10
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family infects other files in order to spread and cause damage.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
-
-
Target
VHE/Valve Hammer Editor/ZHTL/hlcsg.exe
-
Size
224KB
-
MD5
185c648f3b42d4878900662ee63f2166
-
SHA1
ab25f5c849d2f0ed3bdf756d623768fe7161b5ab
-
SHA256
c0ccb026f2eb3edda0702e31d96705164604e0cc47fcd836948fabe9c840b06c
-
SHA512
03114f46952ea0013804551af010295fe2673dfa6042ff7970edac6e478229babed130740a8b3bfaf8245ceb5a10aa19728b115b4390595f0773b61be9eb3edb
-
SSDEEP
3072:sr85C20QZgcfd4CpCTZeWSFK7bF+CWWCkyK6BwFXcXTgcV+tKuu/J:k92l1f2GCTZeWSk75zUJScXTNuux
Score 10/10
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family infects other files in order to spread and cause damage.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
-
-
Target
VHE/Valve Hammer Editor/ZHTL/hlrad.exe
-
Size
264KB
-
MD5
0b2df245edf658d735b9479fa36c5ed6
-
SHA1
2b15cb890543c0320893d841836af7abfd65f73c
-
SHA256
632d8ef27651d923d83c72f54a0688793b61f012f38cb916308ec7748c030064
-
SHA512
02210ae97074e76985c51a914ceadbc9e37b7dee06c9357e6b47de613fe79c027ebec6e827d253511501a836fcb27294b7ea6e61fe0a188eb78cc459b50bc1a6
-
SSDEEP
6144:k9SSD8wRLhHFbHG5UwcyCa/0p0ynDt7U3ST:TSDbRfcUwch2ku3ST
Score 10/10
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family infects other files in order to spread and cause damage.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
-
-
Target
VHE/Valve Hammer Editor/ZHTL/hlvis.exe
-
Size
180KB
-
MD5
8d6e1a5c95062b0d5ac3fd7f782e0e9d
-
SHA1
11191e348198b580df9b8b19c670c7d58d553ad9
-
SHA256
7a26c0046de87345be5bcfa199feb379c61ee3f0c88cb2a47f43c2b16cb76635
-
SHA512
36cd83cebe9500367deb3a887eb8e93f55b70d0adea4c64f0a7ccc1a7c6cbd26729206cd8db54ac5c4f09ced5fc32b30c0be9f6374e80ac6c52a912b923217e5
-
SSDEEP
3072:sr85CQQyUINbF2RPcKAD3pXdxnnrCs8sO3BqPOEVNM:k9hwbwep/GfxqGaNM
Score 10/10
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family infects other files in order to spread and cause damage.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
-
-
Target
VHE/Valve Hammer Editor/ZHTL/instructions.html
-
Size
18KB
-
MD5
bec2c9869da3564cbefc95b9e32323ff
-
SHA1
c78dcbe0db2c88a902e6f6859afc62151cf3cbee
-
SHA256
112b3f702ce5d7fa8121064b84998f17d382a52d45759713818d704f490e47d2
-
SHA512
779cb3f4274b8164ea98821f306fe111831ff8b91bad53b3ff052680837c3d5872b46d81cb9eb68a3af82e59f97e17b4b967e161236add1dfb05df77fb43b979
-
SSDEEP
192:uodxlYIsupR7L9IzbeOOCHxZHyVv8VJgsNrviGz3NiLH0tQ14z6hAzpQ79yWq6xv:Xxo8h6OC3VCOhzgb0+irzeD
Score 3/10
-
-
Target
VHE/Valve Hammer Editor/ZHTL/netvis.exe
-
Size
284KB
-
MD5
836adfd22e029b5036f92f801a1a46de
-
SHA1
0d244a89a65fb7a89c75daa79b1b8be092bfd657
-
SHA256
65886c57faea089ea517783d7f644c00af2f85816bc474271427546d0d7d6f83
-
SHA512
ad6bd18231a09441af0e8b62ee29339c838cfb33272ab13bd5e6a7159769a297d8c0925d1ba21ccf512defa2906206a282f7c21c1305ef2e19f5ff7e5b7ee8fa
-
SSDEEP
6144:k92HgcGh5iwuoUMhbgLmqOYvy1caHJ8dVQhcIs:JLGuoUMhamqOGIjujIs
Score 10/10
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family infects other files in order to spread and cause damage.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
-
-
Target
VHE/Valve Hammer Editor/ZHTL/netvis.html
-
Size
2KB
-
MD5
c6440d271c17047cfc8e3750ab0ccc08
-
SHA1
fc9597e2403d3d5104ad648ea81df17993c81245
-
SHA256
e5260ec58d66e566a6369bc40e4484841aae73adb975e77bec89303c28dca29b
-
SHA512
ee03650f726aa141a5b75eca9afdfab43da0d1f3929db60ac28c637e76b4d950c3b77c9f4904a875a1b26fef9c7967e9ccd1c7ff2a8ef08668b01f41c0481cb3
Score 3/10
-
-
Target
VHE/Valve Hammer Editor/ZHTL/numberbrush.pl
-
Size
1KB
-
MD5
092c9f665af263062ef413eb87905d5d
-
SHA1
2bc00c3259a88ca1469dd45cccfc79b8309e81bc
-
SHA256
06033f9583aabe56326afe0b427a6a01185d53333ed548ef5eabdd1fd5ec1d3c
-
SHA512
db8a9a12177d30713f782b3ea5815d34d9d9bec79f1d8146ebed7246a92e1e2f54c7e2c97fc7d67a5e4c1f47af3fc43bab661a769988c93c376ba29181d19365
Score 3/10
-
-
Target
VHE/Valve Hammer Editor/ZHTL/ripent.exe
-
Size
120KB
-
MD5
c3176ee2a438bb615339b8e28fd34ff0
-
SHA1
548e78c6bcbd2193ae377535c0e4edd483f81f8f
-
SHA256
0acff5ad93219431eb14e4e5007bbc6853ea91f7d0b2e44f6d5e834e8f45a89b
-
SHA512
56229b95676cea3fa76f96fd5404595a8b6143a461d1444674869ae7e2821d1628f0dfe53bf797a2bfeeb642d3d0366f5696c4eb52be53b0b0cab14095b047fc
-
SSDEEP
1536:JxqjQ+P04wsmJCNA+tNGsKoqvRRZl9+PSQ1BTsPEOpC3Afw8:sr85CNBtNGsKpRHl9+PjslpU8
Score 10/10
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family infects other files in order to spread and cause damage.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
-
-
Target
VHE/Valve Hammer Editor/ZHTL/ru.bat
-
Size
289B
-
MD5
058239ae87781e61579c0bc7bfeadb0c
-
SHA1
ef4f803446c1a287b8751957d7bea99a11cdfbc6
-
SHA256
346f869a023ebbdca2fc532fe68784cec4df0d84fa22bf6dbe746ca9af1469fe
-
SHA512
3bb44bd03622f09c473907f4b376298ee29d1c7fe67f5ef2eaf7787f003638016396620013f19245202c9dbc7ad4574436db651a864a8ab9fb167d1fbc8c14ec
Score 10/10
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family infects other files in order to spread and cause damage.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-