General
-
Target
170debcdb15049bacfe39433d7f76e67e71020404e37197b9fe2fcd29101c706N.exe
-
Size
1.4MB
-
Sample
241218-d8mvtasrbk
-
MD5
743ad0b26a85a1c2747e0bc71c254360
-
SHA1
43f4ebada8fde7af4a79591451b45aa3f6c4e5e6
-
SHA256
170debcdb15049bacfe39433d7f76e67e71020404e37197b9fe2fcd29101c706
-
SHA512
93167c85fe078386f84a3c9a01d4f8f81a2ef998e7257b618d63ce4e0425423a093699ce7757232eab14a295216932e5ca7b622fc5ec920d67531aa724219ff7
-
SSDEEP
24576:Mh3QCxH+ORg5Ep0c6fe0tTEtfufO1pLofVukuJ4QqRk4u2+jKvwcbaiRaY2dLEIq:Mhhg5EuJfHt3fO1pcNukuMk4unmbHUYt
Behavioral task
behavioral1
Sample
170debcdb15049bacfe39433d7f76e67e71020404e37197b9fe2fcd29101c706N.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
170debcdb15049bacfe39433d7f76e67e71020404e37197b9fe2fcd29101c706N.exe
-
Size
1.4MB
-
MD5
743ad0b26a85a1c2747e0bc71c254360
-
SHA1
43f4ebada8fde7af4a79591451b45aa3f6c4e5e6
-
SHA256
170debcdb15049bacfe39433d7f76e67e71020404e37197b9fe2fcd29101c706
-
SHA512
93167c85fe078386f84a3c9a01d4f8f81a2ef998e7257b618d63ce4e0425423a093699ce7757232eab14a295216932e5ca7b622fc5ec920d67531aa724219ff7
-
SSDEEP
24576:Mh3QCxH+ORg5Ep0c6fe0tTEtfufO1pLofVukuJ4QqRk4u2+jKvwcbaiRaY2dLEIq:Mhhg5EuJfHt3fO1pcNukuMk4unmbHUYt
-
Detect Neshta payload
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Neshta family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
1Change Default File Association
1Pre-OS Boot
1Bootkit
1Defense Evasion
Modify Registry
2Pre-OS Boot
1Bootkit
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1