General
-
Target
16ecf712d513d305e40994ad4cdc51cc5b9be0f5f7067c543f00875973bc0a31.exe
-
Size
756KB
-
Sample
240724-slyfcssdqk
-
MD5
31c87737ea27257492b80ffe38db4a02
-
SHA1
202620c58aee7e3d873f344196fa43c5ad863baf
-
SHA256
16ecf712d513d305e40994ad4cdc51cc5b9be0f5f7067c543f00875973bc0a31
-
SHA512
f50ee3c56f7f498fb54c501201bda1640bb7b9e7476dc896b2c19a7706b0f132bae808b4a312c0c401a1b8e58058b7255cc2ed9026b19a7a561f3168d85dbec9
-
SSDEEP
12288:PfyfpWOhx8kPn3HLK1ADGl8qWp5YXaZG5EpKXoz9E6IgybM6LIrGH0Tl2TAXjUva:PfyjiGuASGqM5YXH5U9bITbj8LTUTijU
Static task
static1
Behavioral task
behavioral1
Sample
16ecf712d513d305e40994ad4cdc51cc5b9be0f5f7067c543f00875973bc0a31.exe
Resource
win7-20240708-en
Malware Config
Targets
-
Neshta
Malware from the Neshta family is a file infector: it injects itself into other files to spread and cause damage.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Persistence
  Event Triggered Execution (1)
    Change Default File Association (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Privilege Escalation
  Event Triggered Execution (1)
    Change Default File Association (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)