General
- Target: b482c0e2d0d70f4b83c2d7597fcbdd9f48554d9f67197260d9ea868fc1ba9f3cN.exe
- Size: 4.8MB
- Sample: 241217-zcv27sykbl
- MD5: 64e7f75656a65ece7ffb6eb81355db30
- SHA1: 8c27682411532ef3bc12474c7cd3a69b8706634c
- SHA256: b482c0e2d0d70f4b83c2d7597fcbdd9f48554d9f67197260d9ea868fc1ba9f3c
- SHA512: 9f88d12776c522379563bc78882792e629094035cd81faf0df20cb7fb93357a4b1cbfde63a26ca05e92d211a094ecfa391d097677253e06627a3535bdd827ab8
- SSDEEP: 98304:MIBdcegPTApJRVaNz6mCuzOEZE/bEloTj5559AQyk2B5lx8LV:MUc57eRcLCc+b9Td5AQyk2B5T8LV
Behavioral task
- behavioral1
  - Sample: b482c0e2d0d70f4b83c2d7597fcbdd9f48554d9f67197260d9ea868fc1ba9f3cN.exe
  - Resource: win7-20240903-en
Malware Config
Targets
- Detect Neshta payload
- Neshta: Malware from the Neshta family infects other files in order to spread itself and cause damage.
- Neshta family
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely used as a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association: Changing the default handler for a file type lets the payload run whenever such a file is opened (mapped below to Change Default File Association).
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger: Setting the ThreadHideFromDebugger thread information class stops a debugger from receiving events for that thread, a common anti-analysis technique.
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Persistence
- Event Triggered Execution (1)
  - Change Default File Association (1)
- Pre-OS Boot (1)
  - Bootkit (1)
Defense Evasion
- Modify Registry (2)
- Pre-OS Boot (1)
  - Bootkit (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)