neshta

General

Target

2025-02-07_61a199076ddfb00d9a92792ffa0f2668_neshta_satana
Size

90KB
Sample

250207-vzbjvs1ndl
MD5

61a199076ddfb00d9a92792ffa0f2668
SHA1

7478d5b7ecf47ac14cbba2fab46f69106d02b008
SHA256

b107c99d3d84007f8bc1c3eca8ba6bfdb2b38dd56cbc1d1592110e55f84e6fd6
SHA512

f3ce8923d9cd8add89516d3f5033b5a5ccea06890e3ad1b93a422e1d0afff4ef5c4c9aaf4dbcecea5563f0af977084cd944c6b5566607d48282ca1340f8d891b
SSDEEP

1536:JxqjQ+P04wsmJC4uFECDpw10vnAOIUaJh4IXdWXLXTWLS:sr85Cnlw10vvA/7sSu

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\!satana!.txt

Ransom Note

You had bad luck.There was crypting of all your files in a FS bootkit virus <!SATANA!> To decrypt you need send on this E-mail: [email protected] your private code: A3D90235E1136671AB1195C6078184FF and pay on a Bitcoin Wallet: XbvKCGr8VowpBLwE8VxHNL2oL24ukKcNFw total 0,5 btc After that during 1 - 2 days the software will be sent to you - decryptor - and the necessary instructions. All changes in hardware configurations of your computer can make the decryption of your files absolutely impossible! Decryption of your files is possible only on your PC! Recovery is possible during 7 days, after which the program - decryptor - can not ask for the necessary signature from a public certificate server. Please contact via e-mail, which you can find as yet in the form of a text document in a folder with encrypted files, as well as in the name of all encrypted files.If you do not appreciate your files we recommend you format all your disks and reinstall the system. Read carefully this warning as it is no longer able to see at startup of the computer. We remind once again- it is all serious! Do not touch the configuration of your computer! E-mail: [email protected] - this is our mail CODE: A3D90235E1136671AB1195C6078184FF this is code; you must send BTC: XbvKCGr8VowpBLwE8VxHNL2oL24ukKcNFw here need to pay 0,5 bitcoins How to pay on the Bitcoin wallet you can easily find on the Internet. Enter your unlock code, obtained by E-mail here and press "ENTER" to continue the normal download on your computer. Good luck! May God help you! <!SATANA!>

Sharing

General

Malware Config

Extracted

Targets

Detect Neshta payload

Neshta family

Satana

Satana family

Deletes shadow copies

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Modifies system executable filetype association

Reads user/profile data of web browsers

Adds Run key to start application

Writes to the Master Boot Record (MBR)

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2