General
Target: 44c07ad4e0559d0f4c9884b8665243eef2772f2990328a82a2c40559ff88dea1
Size: 7.1MB
Sample: 241216-1j5qna1kgs
MD5: 774542c18369a36cbb4281782fded87f
SHA1: 45292130f77e484bbaab72792890d9f61419bf82
SHA256: 44c07ad4e0559d0f4c9884b8665243eef2772f2990328a82a2c40559ff88dea1
SHA512: 693701ecd1a90887ce6b90827dcffdabb93f1594622e65bfcb9c8cc3642ca27dd82a4e43d95ee7150076d0dcfcb727edfdda1b85cb078230e02f1b5f14e9cf78
SSDEEP: 98304:gGOSnfbzz2d463IROME9bCOspSizzAukSFdhkq/Bc7iJc8Id59OLtk+e:CSj3C4GIIdCOs2hSFdhJ/aemHdIk
Static task: static1
Behavioral task: behavioral1
Sample: 44c07ad4e0559d0f4c9884b8665243eef2772f2990328a82a2c40559ff88dea1.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: 44c07ad4e0559d0f4c9884b8665243eef2772f2990328a82a2c40559ff88dea1
Size: 7.1MB
MD5: 774542c18369a36cbb4281782fded87f
SHA1: 45292130f77e484bbaab72792890d9f61419bf82
SHA256: 44c07ad4e0559d0f4c9884b8665243eef2772f2990328a82a2c40559ff88dea1
SHA512: 693701ecd1a90887ce6b90827dcffdabb93f1594622e65bfcb9c8cc3642ca27dd82a4e43d95ee7150076d0dcfcb727edfdda1b85cb078230e02f1b5f14e9cf78
SSDEEP: 98304:gGOSnfbzz2d463IROME9bCOspSizzAukSFdhkq/Bc7iJc8Id59OLtk+e:CSj3C4GIIdCOs2hSFdhJ/aemHdIk
- Detect Neshta payload
- Neshta
  Malware from the Neshta family is a file infector: it injects itself into other executable files to spread and cause damage.
- Neshta family
- Xmrig family
- XMRig Miner payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Legitimate hosting services abused for malware hosting/C2
- Power Settings
  powercfg controls all configurable power settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Event Triggered Execution (1)
    Change Default File Association (1)
  Power Settings (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)