General
Target: 344b8da23cffc7ee7da8c75cc05619e5659f7194076bcf1e497f32b7f3cfa1bdN.exe
Size: 1.5MB
Sample: 241208-dt46jsvmfj
MD5: 6f08d9eb0f1502e81a566e2705b67d90
SHA1: 0f39679f3e2788fd8371dafdfa5cfa304ba19204
SHA256: 344b8da23cffc7ee7da8c75cc05619e5659f7194076bcf1e497f32b7f3cfa1bd
SHA512: 6eb4a348271b049b8a78039380f5ab24071e67bdd644c3c38724c3f0b6282b39c279870c7ee97049c22bbf3f39a5842c9fedeb87e2a6e99008fa917910571edd
SSDEEP: 24576:NlGOSQCU/CeilNQLizcomzaH38uSIPkC4E+LDPaJQLoRA8wW57L9vTE9avgFaS:YdblN6GR3MhC4E+PaaWA8P5HQf
Behavioral tasks
behavioral1: Sample 344b8da23cffc7ee7da8c75cc05619e5659f7194076bcf1e497f32b7f3cfa1bdN.exe, Resource win7-20240903-en
behavioral2: Sample 344b8da23cffc7ee7da8c75cc05619e5659f7194076bcf1e497f32b7f3cfa1bdN.exe, Resource win10v2004-20241007-en
Malware Config
Targets
- Target: 344b8da23cffc7ee7da8c75cc05619e5659f7194076bcf1e497f32b7f3cfa1bdN.exe, 1.5MB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Detect Neshta payload
- Neshta: a file-infecting virus. It prepends its own body to Windows executables it can reach, so the original program is carried inside the infected file and runs only after the virus code; that is how it spreads across a host and why infected programs are left damaged. The family is also known for redirecting the .exe file association to a dropped copy of itself, which matches the file association and dropped-EXE signatures below.
- Neshta family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence that decides whether the payload runs on this victim.
- Event Triggered Execution: Component Object Model Hijacking: adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association: the shell open command for the exefile class is changed, so the substituted binary is launched every time any .exe is run.
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate installed software.
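Two of the signatures above, the exefile association change and COM hijacking, leave registry artifacts that can be checked on a suspect host. The following Python script is an added example written for this page; it is not part of the sandbox report or of the sample. It parses a constructed `reg export` snippet and flags both artifacts. The `svchost.com` path in the constructed sample mirrors the location the Neshta family is documented to drop its copy to; the CLSIDs and the `loader.dll` path are placeholders.

```python
"""Flag Neshta-style persistence artifacts in a registry export (added example).

Two checks, matching two signatures from the report:
  1. "Modifies system executable filetype association": the default value of
     HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command must be exactly "%1" %*.
     Anything placed in front of "%1" is launched every time any .exe is run.
  2. "Component Object Model Hijacking": a per-user CLSID server registration
     (HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\...\\InprocServer32 or
     LocalServer32) pointing into a user-writable directory. The HKCU entry
     takes precedence over the HKLM entry for the same CLSID.
Assumption: only REG_SZ values written as quoted strings are parsed.
"""
import re
from dataclasses import dataclass

EXEFILE_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
EXEFILE_OK = '"%1" %*'  # clean default: run the .exe itself with its arguments
HKCU_CLSID = "HKEY_CURRENT_USER\\SOFTWARE\\CLASSES\\CLSID\\"
COM_SERVER_SUBKEYS = ("\\INPROCSERVER32", "\\LOCALSERVER32")
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\", "\\public\\")

# Constructed sample modelled on an infected host: the exefile association is
# routed through a dropped svchost.com and a per-user CLSID loads a DLL from
# AppData. The CLSIDs and loader.dll are placeholders, not real indicators.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Windows\\svchost.com\" \"%1\" %*"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\\system32\\NOTEPAD.EXE %1"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\Users\\victim\\AppData\\Roaming\\loader.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000002}\InprocServer32]
@="C:\\Windows\\System32\\shell32.dll"
'''

# Constructed clean baseline for comparison.
CLEAN_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

_KEY_RE = re.compile(r"\[(.+)\]")
_VALUE_RE = re.compile(r'(@|"(?:[^"\\]|\\.)*")=("(?:[^"\\]|\\.)*")')


@dataclass
class Finding:
    key: str
    data: str
    reason: str


def _unescape(s: str) -> str:
    # .reg escapes a backslash as two backslashes and a quote as backslash-quote.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str) -> dict:
    """Return {key_path: {value_name: data}}; "@" holds the default value."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.fullmatch(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = _VALUE_RE.fullmatch(line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            keys[current][name] = _unescape(m.group(2)[1:-1])
    return keys


def _lookup(keys: dict, wanted: str):
    """Case-insensitive key lookup; registry paths are not case sensitive."""
    for key, values in keys.items():
        if key.upper() == wanted.upper():
            return key, values
    return wanted, {}


def check_exefile(keys: dict) -> list:
    """Check 1: the exefile open command should be exactly "%1" %*."""
    key, values = _lookup(keys, EXEFILE_KEY)
    cmd = values.get("@")
    if cmd is None or cmd.strip() == EXEFILE_OK:
        return []
    return [Finding(key, cmd, "every .exe launch is routed through another program")]


def check_com_hijack(keys: dict) -> list:
    """Check 2: per-user COM servers loaded from user-writable directories."""
    findings = []
    for key, values in keys.items():
        upper = key.upper()
        if not upper.startswith(HKCU_CLSID) or not upper.endswith(COM_SERVER_SUBKEYS):
            continue
        path = values.get("@", "")
        if any(marker in path.lower() for marker in USER_WRITABLE):
            findings.append(Finding(key, path, "HKCU CLSID server in a user-writable path shadows the HKLM entry"))
    return findings


def scan(text: str) -> list:
    keys = parse_reg_export(text)
    return check_exefile(keys) + check_com_hijack(keys)


if __name__ == "__main__":
    for f in scan(SAMPLE_REG):
        print(f"[{f.reason}]\n  {f.key}\n  @ = {f.data}")
```

On a live host the same checks can be run against `reg export HKCR\exefile exefile.reg` and an export of `HKCU\Software\Classes\CLSID`; the user-writable path list is a heuristic and should be extended with whatever directories standard users can write to in the environment under review.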
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Persistence
  Event Triggered Execution, T1546 (2)
    Change Default File Association, T1546.001 (1)
    Component Object Model Hijacking, T1546.015 (1)
Privilege Escalation
  Event Triggered Execution, T1546 (2)
    Change Default File Association, T1546.001 (1)
    Component Object Model Hijacking, T1546.015 (1)
Credential Access
  Credentials from Password Stores, T1555 (1)
    Credentials from Web Browsers, T1555.003 (1)
  Unsecured Credentials, T1552 (1)
    Credentials In Files, T1552.001 (1)