General
-
Target
42b2da54cafc5aefba861d1fd256bd7ceb8969c67a2d2a271e0ecaa81d18088fN
-
Size
1.1MB
-
Sample
241030-z2kmrs1fkc
-
MD5
9284314c6ac1df187d4bdb0a8b37d600
-
SHA1
38ca9a0d05027c074455d3086e33830f1c16f3f5
-
SHA256
42b2da54cafc5aefba861d1fd256bd7ceb8969c67a2d2a271e0ecaa81d18088f
-
SHA512
44822dcb277aa1adec930e561ffbe3b7920da96895e9163f6e0bb5fc62cd8b515d4d75a1bfbd5102866ae3486529c0eac7a2bfc6a3d0fca3262dbd59c330e69f
-
SSDEEP
24576:SJ39LyjbJkQFMhmC+6GD9eQhO4HrW3TvTIn9:SHyjtk2MYC5GDxHrWYn9
Behavioral task
behavioral1
Sample
42b2da54cafc5aefba861d1fd256bd7ceb8969c67a2d2a271e0ecaa81d18088fN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
42b2da54cafc5aefba861d1fd256bd7ceb8969c67a2d2a271e0ecaa81d18088fN.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
42b2da54cafc5aefba861d1fd256bd7ceb8969c67a2d2a271e0ecaa81d18088fN
-
Size
1.1MB
-
MD5
9284314c6ac1df187d4bdb0a8b37d600
-
SHA1
38ca9a0d05027c074455d3086e33830f1c16f3f5
-
SHA256
42b2da54cafc5aefba861d1fd256bd7ceb8969c67a2d2a271e0ecaa81d18088f
-
SHA512
44822dcb277aa1adec930e561ffbe3b7920da96895e9163f6e0bb5fc62cd8b515d4d75a1bfbd5102866ae3486529c0eac7a2bfc6a3d0fca3262dbd59c330e69f
-
SSDEEP
24576:SJ39LyjbJkQFMhmC+6GD9eQhO4HrW3TvTIn9:SHyjtk2MYC5GDxHrWYn9
-
Detect Neshta payload
-
Neshta
Neshta is a file-infecting virus: it writes a copy of itself into other executables so that launching any infected program spreads the infection further. Known Neshta variants also hijack the .exe file association so the infector runs before every launched program, which is the behaviour behind the "Modifies system executable filetype association" signature below.
-
Neshta family
-
Detected Nirsoft tools
NirSoft tools are legitimate free utilities (password, product-key and browser-credential recovery) that attackers routinely bundle to harvest saved secrets; their presence is what drives the Credential Access techniques mapped below, so treat a NirSoft binary dropped by an unknown installer as a credential-theft indicator, not a benign admin tool.
-
Checks computer location settings
Reads the country/locale code configured in the registry; this is typically used as a geofence, so the sample may skip or change its behaviour depending on the configured region.
-
Executes dropped EXE
Runs an executable that the sample itself wrote to disk.
-
Loads dropped DLL
Loads a DLL that the sample itself wrote to disk.
-
Modifies system executable filetype association
Changes the handler for the exefile class (the command run whenever a .exe is opened), so another program is invoked every time an executable is launched. This gives both persistence and a re-infection path, and is the behaviour mapped to Change Default File Association below.
-
Adds Run key to start application
Writes a value under a Run key so the program is started at logon; mapped to Registry Run Keys / Startup Folder below.
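The two persistence behaviours above (hijacked exefile handler, Run key) and the IOC hashes from the General section can be checked offline from a registry export. The following Python helper is an added example, not part of this report and not the sample's own code: the .reg text it parses is constructed to resemble a Regedit 5.00 export from an infected host, and the handler path and Run value in it are placeholders, not indicators taken from the sample.

```python
"""Offline triage for the behaviours flagged in this report (added example).

Parses a Regedit 5.00 export, flags a hijacked exefile handler and Run-key
persistence, and matches file bytes against the report's IOC hashes.
"""
import hashlib
import re

# Hashes copied from the report's General section.
IOC_HASHES = {
    "md5": "9284314c6ac1df187d4bdb0a8b37d600",
    "sha1": "38ca9a0d05027c074455d3086e33830f1c16f3f5",
    "sha256": "42b2da54cafc5aefba861d1fd256bd7ceb8969c67a2d2a271e0ecaa81d18088f",
    "sha512": "44822dcb277aa1adec930e561ffbe3b7920da96895e9163f6e0bb5fc62cd8b51"
              "5d4d75a1bfbd5102866ae3486529c0eac7a2bfc6a3d0fca3262dbd59c330e69f",
}

# Stock exefile open handler on a clean Windows install.
CLEAN_EXEFILE_COMMAND = '"%1" %*'

EXEFILE_RE = re.compile(r"\\exefile\\shell\\open\\command$", re.IGNORECASE)
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)

# CONSTRUCTED export for the example; paths are placeholders, not sample IOCs.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\ProgramData\\infector.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\Public\\update.exe /silent"
'''


def hash_bytes(data):
    """Digest the bytes with every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def matches_ioc(data):
    """Return the algorithms whose digest of `data` equals a report hash."""
    digests = hash_bytes(data)
    return [alg for alg, h in IOC_HASHES.items() if digests[alg] == h]


def _unescape(s):
    # In .reg strings a backslash escapes the next character (\\ and \").
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse a Regedit 5.00 export into {key: {value_name: value}}.

    String values are unescaped; dword:/hex: values are kept as raw text.
    """
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.endswith("\\"):  # hex value continued on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        m = re.match(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$', line)
        if not m:
            continue
        name = "(Default)" if m.group(1) == "@" else _unescape(m.group(2))
        value = m.group(3)
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = _unescape(value[1:-1])
        keys[current][name] = value
    return keys


def find_exefile_hijack(keys):
    """Any exefile open handler that is not the stock '"%1" %*' is a hijack."""
    hits = []
    for key, values in keys.items():
        if EXEFILE_RE.search(key):
            cmd = values.get("(Default)", "")
            if cmd.strip() != CLEAN_EXEFILE_COMMAND:
                hits.append((key, cmd))
    return hits


def find_run_entries(keys):
    """Every value under a Run/RunOnce key is a logon autostart to review."""
    hits = []
    for key, values in keys.items():
        if RUN_KEY_RE.search(key):
            hits.extend((key, name, cmd) for name, cmd in values.items())
    return hits


if __name__ == "__main__":
    reg = parse_reg(SAMPLE_REG)
    for key, cmd in find_exefile_hijack(reg):
        print("exefile hijack:", key, "->", cmd)
    for key, name, cmd in find_run_entries(reg):
        print("run key:", key, name, "->", cmd)
```

To produce a real export on a suspect host, `reg export HKCR\exefile\shell\open\command exefile.reg` and `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` give files this parser accepts; note that HKCR merges HKLM\SOFTWARE\Classes and HKCU\Software\Classes, so check all three locations as the constructed sample does.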
-
MITRE ATT&CK Enterprise v15 (the count after each technique is the number of report signatures mapped to it)
Persistence
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001), 1
Event Triggered Execution: Change Default File Association (T1546.001), 1
Privilege Escalation
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001), 1
Event Triggered Execution: Change Default File Association (T1546.001), 1
Credential Access
Credentials from Password Stores: Credentials from Web Browsers (T1555.003), 1
Unsecured Credentials: Credentials In Files (T1552.001), 1