General
-
Target
982e70455b1323e96ed4e4a2043e3120895282ed2f0ad3af850efe98b90103e3.exe
-
Size
2.6MB
-
Sample
250201-y2jj2aylcv
-
MD5
abe1f9b4c118b72b56ef1eecb21742c6
-
SHA1
ec132034b246f6753454b34fa902a9c0cf8eaf9d
-
SHA256
982e70455b1323e96ed4e4a2043e3120895282ed2f0ad3af850efe98b90103e3
-
SHA512
cea4747103bc470ff305ea3a220bbfa1066368b1fb9e0c8ca860822bcea211a0642efa99ba8f2ef6348b0f3fbf1d0beca882c91df2f1b888db8aa73042fabb00
-
SSDEEP
24576:jDQvrW2goWlpCCZQ59lbydQnKPE/0ZEEm1IcEcGp9XodFP0ZwGsXHoMHp:j4rWJorCZQZUOK40+XaC+Z/fMJ
Behavioral task
behavioral1
Sample
982e70455b1323e96ed4e4a2043e3120895282ed2f0ad3af850efe98b90103e3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
982e70455b1323e96ed4e4a2043e3120895282ed2f0ad3af850efe98b90103e3.exe
Resource
win10v2004-20250129-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
http://klkjwre77638dfqwieuoi888.info/
Targets
-
-
Target
982e70455b1323e96ed4e4a2043e3120895282ed2f0ad3af850efe98b90103e3.exe
-
Size
2.6MB
-
MD5
abe1f9b4c118b72b56ef1eecb21742c6
-
SHA1
ec132034b246f6753454b34fa902a9c0cf8eaf9d
-
SHA256
982e70455b1323e96ed4e4a2043e3120895282ed2f0ad3af850efe98b90103e3
-
SHA512
cea4747103bc470ff305ea3a220bbfa1066368b1fb9e0c8ca860822bcea211a0642efa99ba8f2ef6348b0f3fbf1d0beca882c91df2f1b888db8aa73042fabb00
-
SSDEEP
24576:jDQvrW2goWlpCCZQ59lbydQnKPE/0ZEEm1IcEcGp9XodFP0ZwGsXHoMHp:j4rWJorCZQZUOK40+XaC+Z/fMJ
-
Detect Neshta payload
-
Modifies firewall policy service
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Neshta family
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Change Default File Association
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
6Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1