Resubmissions
19-10-2024 11:46
241019-nxh3lawepj 1019-10-2024 11:42
241019-nvc4kathmg 719-10-2024 11:38
241019-nrspvawcnp 1019-10-2024 11:33
241019-nnzc8atfla 1019-10-2024 11:27
241019-nkpplswakl 1019-10-2024 11:23
241019-nhfnxsvhmk 1019-10-2024 11:11
241019-najevashqf 1019-10-2024 11:07
241019-m762qssgph 3General
-
Target
6812964531.exe
-
Size
67KB
-
Sample
241019-najevashqf
-
MD5
7de65122a13ab9d81368ee3dff3cc80a
-
SHA1
ecbb4db641431d4d672e4b88e8d309419fd32f04
-
SHA256
a73a05a4b6ec6ae1c1ba6d3d12b68cc52b899e2a6dbbaaa1f48f2c260a733123
-
SHA512
b156d77a665c3256ddfd016e46105b6e87db6a4c1ca77e9bb25b221c368f3cc53dddc7159602cfb926ef0cc9bacac57b6bd41e7e28998883c996727d58d29401
-
SSDEEP
1536:pr3rob4nqB6veqHnq+Pgm5NN9vbDTc+1vIQ/EXyBej:h7PEg3qcv5PvB/EVj
Static task
static1
Malware Config
Targets
-
-
Target
6812964531.exe
-
Size
67KB
-
MD5
7de65122a13ab9d81368ee3dff3cc80a
-
SHA1
ecbb4db641431d4d672e4b88e8d309419fd32f04
-
SHA256
a73a05a4b6ec6ae1c1ba6d3d12b68cc52b899e2a6dbbaaa1f48f2c260a733123
-
SHA512
b156d77a665c3256ddfd016e46105b6e87db6a4c1ca77e9bb25b221c368f3cc53dddc7159602cfb926ef0cc9bacac57b6bd41e7e28998883c996727d58d29401
-
SSDEEP
1536:pr3rob4nqB6veqHnq+Pgm5NN9vbDTc+1vIQ/EXyBej:h7PEg3qcv5PvB/EVj
-
Detect Neshta payload
-
Detect Umbral payload
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Change Default File Association
1Image File Execution Options Injection
1Pre-OS Boot
1Bootkit
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Change Default File Association
1Image File Execution Options Injection
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
4Pre-OS Boot
1Bootkit
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1