Overview

overview

10

Static

static

8fdf603293...e1.exe

windows7_x64

10

8fdf603293...e1.exe

windows10_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8fdf6032932fa1a0c9b0fd342ee8bee1

  • Size

    1.1MB

  • Sample

    210923-l4qpxaeah4

  • MD5

    8fdf6032932fa1a0c9b0fd342ee8bee1

  • SHA1

    5b939ccc5f0eaf36dd38915af1da00065940cf70

  • SHA256

    ec0627ef1feef5903f5771bdb6df060a295af132e90ed023f2e1ad14d5ffb40b

  • SHA512

    0d74c116728fb3d40a49bd0ee7658ac0f5984a2bf5fe180bd36714db15534dc4a3148ba710360138e0032bc149423170b6a3e2808d368a2c0d3e51365236df8e

Score
10/10
neshtapersistencespyware

Malware Config

Targets

    • Target

      8fdf6032932fa1a0c9b0fd342ee8bee1

    • Size

      1.1MB

    • MD5

      8fdf6032932fa1a0c9b0fd342ee8bee1

    • SHA1

      5b939ccc5f0eaf36dd38915af1da00065940cf70

    • SHA256

      ec0627ef1feef5903f5771bdb6df060a295af132e90ed023f2e1ad14d5ffb40b

    • SHA512

      0d74c116728fb3d40a49bd0ee7658ac0f5984a2bf5fe180bd36714db15534dc4a3148ba710360138e0032bc149423170b6a3e2808d368a2c0d3e51365236df8e

    Score
    10/10
    neshtapersistencespyware

    • Detect Neshta Payload

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks