General
Target: 12d4e66a4298c003bd266b22c1e6a3878972ca678fd0ef404e1a1b115d6c7030N.exe
Size: 1.3MB
Sample: 241206-y7jrzs1rhp
MD5: b9a4f271af9f1486241b1d1977ec0670
SHA1: 0b87e60d2f871b20750d7b98b0551ee66186b2fb
SHA256: 12d4e66a4298c003bd266b22c1e6a3878972ca678fd0ef404e1a1b115d6c7030
SHA512: 991cd569cb0de467f09d76877174af63f6b9f5c46faca5f3719a9a16ecea2bf650a562860f70c25d2404edb63dc9ea9192ee22c3894f98ff79e5b831fbb27025
SSDEEP: 24576:tr/0ox0HyFZi6tVNpXrXjHgaAWm3U8ufe4N8zZF+HgM1S9emr:tr/506ZNjNtrXjD8E8uWSAkED
Behavioral task: behavioral1
Sample: 12d4e66a4298c003bd266b22c1e6a3878972ca678fd0ef404e1a1b115d6c7030N.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 12d4e66a4298c003bd266b22c1e6a3878972ca678fd0ef404e1a1b115d6c7030N.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
- Detect Neshta payload
- Neshta: malware from the Neshta family infects other files with copies of itself in order to spread and cause damage.
- Neshta family
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence.
- Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
MITRE ATT&CK Enterprise v15
Persistence
  Event Triggered Execution (3)
    Change Default File Association (1)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)
Privilege Escalation
  Event Triggered Execution (3)
    Change Default File Association (1)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)
Defense Evasion
  Indicator Removal (1)
    Clear Persistence (1)
  Modify Registry (2)
  Subvert Trust Controls (1)
    Install Root Certificate (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)