General
-
Target
6da22220b108c980af987da381ab6d9492b3335a7e49be5ed8b5d3e37bcd8222.exe
-
Size
619KB
-
Sample
250110-2dg8vatkck
-
MD5
45de3207d7b557d14ddf799a4f2a1ee8
-
SHA1
ae79fc632e57d30640beb22ba63616df4cacb498
-
SHA256
6da22220b108c980af987da381ab6d9492b3335a7e49be5ed8b5d3e37bcd8222
-
SHA512
393a0c3c018d1da56ff86fdd4de1e191ca47803fb9751b5eb1544e21ae9375ab6b98290505a966417d3796b8a96de29a16c7813ccde3e492d850333807259c7c
-
SSDEEP
6144:3yCh485piYDNd1/0Pj/K3hYH95NCyyN0vTOHSShKS/w0tn0BIwMd7wvc4X4/ndLR:jl5lDN/0Pu3evNCwawIwM+m/HD
Behavioral task
behavioral1
Sample
6da22220b108c980af987da381ab6d9492b3335a7e49be5ed8b5d3e37bcd8222.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
http://klkjwre77638dfqwieuoi888.info/
Targets
-
-
Target
6da22220b108c980af987da381ab6d9492b3335a7e49be5ed8b5d3e37bcd8222.exe
-
Size
619KB
-
MD5
45de3207d7b557d14ddf799a4f2a1ee8
-
SHA1
ae79fc632e57d30640beb22ba63616df4cacb498
-
SHA256
6da22220b108c980af987da381ab6d9492b3335a7e49be5ed8b5d3e37bcd8222
-
SHA512
393a0c3c018d1da56ff86fdd4de1e191ca47803fb9751b5eb1544e21ae9375ab6b98290505a966417d3796b8a96de29a16c7813ccde3e492d850333807259c7c
-
SSDEEP
6144:3yCh485piYDNd1/0Pj/K3hYH95NCyyN0vTOHSShKS/w0tn0BIwMd7wvc4X4/ndLR:jl5lDN/0Pu3evNCwawIwM+m/HD
-
Detect Neshta payload
-
Modifies firewall policy service
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Neshta family
-
Sality family
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Modifies system executable filetype association
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Change Default File Association
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
6Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1