Overview

overview

10

Static

static

Quote.png.scr

windows7_x64

10

Quote.png.scr

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quote.png.scr

  • Size

    528KB

  • Sample

    211109-y4zn2achdl

  • MD5

    06b4fd7c3d1966efe2747227379e2649

  • SHA1

    6d1f81c6b8041395342e53476247109a3ca3f433

  • SHA256

    b0bd95ea0aa5de9849e555fc8a62f51e1406c6b4dc890ce9a63c9807184d9f0b

  • SHA512

    8c74a3ee29ca9c8c14871be2035c56a397bc81b1a022595fea3e102d5df9243c30e0ad59b7865bd66b3e413c80246493a2a43c6655085f8bb4b9f21f9ff9f8c0

Score
10/10
neshtapersistencespyware

Malware Config

Targets

    • Target

      Quote.png.scr

    • Size

      528KB

    • MD5

      06b4fd7c3d1966efe2747227379e2649

    • SHA1

      6d1f81c6b8041395342e53476247109a3ca3f433

    • SHA256

      b0bd95ea0aa5de9849e555fc8a62f51e1406c6b4dc890ce9a63c9807184d9f0b

    • SHA512

      8c74a3ee29ca9c8c14871be2035c56a397bc81b1a022595fea3e102d5df9243c30e0ad59b7865bd66b3e413c80246493a2a43c6655085f8bb4b9f21f9ff9f8c0

    Score
    10/10
    neshtapersistencespyware

    • Detect Neshta Payload

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks