General
Target: ef7f06df7425df3af23658429247e62f3fcedc8f8165094d7104d67e40b296beN.exe
Size: 1.3MB
Sample: 241216-xx7kmayjcz
MD5: 1d1d737e0bac00355ca69ac479917390
SHA1: e000f38006271bd9012934f3ac593209ee06c7e5
SHA256: ef7f06df7425df3af23658429247e62f3fcedc8f8165094d7104d67e40b296be
SHA512: 61360ff7636868c9b3ff214519e8457c02ff01f7493ee9d8e1b40de874db079970d94e762229589106462ea1ff040e3c90761f4529e5f8aefc535fbfac0bcc00
SSDEEP: 24576:xK78SzsMZCRMp8nFNJ3dcj7zql5Tnoo6WOnLpymOovCce36Ft6pAlxzIBaGq2JA:xK783MoXnFv3dcj7q5LsLp3CceMuczXV
Behavioral task: behavioral1
Sample: ef7f06df7425df3af23658429247e62f3fcedc8f8165094d7104d67e40b296beN.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: ef7f06df7425df3af23658429247e62f3fcedc8f8165094d7104d67e40b296beN.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: ef7f06df7425df3af23658429247e62f3fcedc8f8165094d7104d67e40b296beN.exe (the same file as in General above)
- Detect Neshta payload
- Neshta
  Neshta is a file-infecting virus: it writes its own code into the executables it finds on the system, so running any infected program spreads the infection further. It also rewrites the .exe file association so its loader runs in front of every program the user launches, which is what the "Modifies system executable filetype association" signature below reflects.
- Neshta family
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
MITRE ATT&CK Enterprise v15
Persistence
  Event Triggered Execution (3)
    Change Default File Association (1)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)
Privilege Escalation
  Event Triggered Execution (3)
    Change Default File Association (1)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)