General
Target: PaymentAdvice-1629043.zip
Size: 1.7MB
Sample: 241204-lvksassjes
MD5: a0f079433f23f2e0076c3519a3a89a98
SHA1: 6a1ae3c8b2beacd17249247914ce0c89bb6457de
SHA256: 6d920d3eb3446899f430236b1e331910ff6638bee36fba49e9e77f292520b124
SHA512: 3079a6fbe07c8731cf44f6a1c18ce45cfa1832ae9170b498873a928654a7f159b9f8fa832a6bbd61f3f0dbccebf5d9da59684b0014e361732376a75086673329
SSDEEP: 49152:aYR4JFvrFdjOzLVPcXx9whCAdTEA2JdaUjpu:xR4DxUzL6B9whCwTElJdtw
Static task: static1
Behavioral task: behavioral1
Sample: PaymentAdvice-1629043.vbs
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: PaymentAdvice-1629043.vbs
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: PaymentAdvice-1629043.vbs
Size: 2.3MB
MD5: 9d7aa394cb39af2a434eb3036a35bb47
SHA1: bfcb9a3f1dcbcfce2f66f4c5c0e8dbada27dbd9f
SHA256: 490022706b76b904dfe979627f775cc2be0cd6a10ae623989cf2118026a21bea
SHA512: 3b2da959a16b915d52ceadb8336fc5478e7d579a38cf59fe34f15744a0017ea9907bf5b62b4670ea123b223a0af7f3e96ab03d132055a1afd8e6983a4f856033
SSDEEP: 24576:dGPQzVpL6fvkC6MugzlGbhhkg6XCoCK86uTK6ClN3Br6kXIEHIQCobtMvQ8rAOSP:dGcJXxTqb38jR/4RzGfFVvC
Score: 10/10
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Neshta family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Executes dropped EXE
-
Modifies system executable filetype association
-
Suspicious use of SetThreadContext
-