neshta | e657e5580f64554a920f5460edc2a1ae4179b183f7a2adbd613f0e877839bdb4 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

e657e5580f64554a920f5460edc2a1ae4179b183f7a2adbd613f0e877839bdb4
Size

549KB
Sample

211215-h9tf7shhdj
MD5

7516ac47b4adfef609f6ce4dc1dd809c
SHA1

81d93a74a813e4d2231bf4b06762090d520a5145
SHA256

e657e5580f64554a920f5460edc2a1ae4179b183f7a2adbd613f0e877839bdb4
SHA512

a49542a69ee2ee53ce5ef8db071c80aac38e8eb3a81c025a88229e431c990964dbf7011bdde20240665d791c038cef5cd1c43e02e1367b9ee9c4b4c01c42770b

Score

10^/10

neshta xloader ea0r loader persistence rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

e657e5580f64554a920f5460edc2a1ae4179b183f7a2adbd613f0e877839bdb4.exe

Resource

win10-en-20211208

neshta xloader ea0r loader persistence rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ea0r

C2

http://www.asiapubz-hk.com/ea0r/

Decoy

lionheartcreativestudios.com

konzertmanagement.com

blackpanther.online

broychim-int.com

takut18.com

txstarsolar.com

herdsherpa.com

igorshestakov.com

shinesbox.com

reflectpkljlt.xyz

oiltoolshub.com

viralmoneychallenge.com

changingalphastrategies.com

mecitiris.com

rdadmin.online

miniambiente.com

kominarcine.com

pino-almond.com

heihit.xyz

junqi888.com

metalumber.com

sclvfu.com

macanostore.online

projecturs.com

ahcprp.com

gztyfnrj.com

lospacenos.com

tak-etranger.com

dingermail.com

skiin.club

ystops.com

tnboxes.com

ccafgz.com

info1337.xyz

platinum24.top

hothess.com

novelfinancewhite.xyz

theselectdifference.com

flufca.com

giftcodefreefirevns.com

kgv-lachswehr.com

report-alfarabilabs.com

skeetones.com

4bcinc.com

americamr.com

wewonacademy.com

evrazavto.store

true-fanbox.com

greencofiji.com

threecommaspartners.com

hgtradingcoltd.com

xihe1919.com

241mk.com

helplockedout.com

wefundprojects.com

neosecure.store

purenewsworldwide.com

luckylottovip999.com

lottidobler.com

proyectohaciendohistoria.com

raintm.com

theproducerformula.com

trademarkitforyourself.com

ottaweed.com

Targets

- Target
  
  e657e5580f64554a920f5460edc2a1ae4179b183f7a2adbd613f0e877839bdb4
- Size
  
  549KB
- MD5
  
  7516ac47b4adfef609f6ce4dc1dd809c
- SHA1
  
  81d93a74a813e4d2231bf4b06762090d520a5145
- SHA256
  
  e657e5580f64554a920f5460edc2a1ae4179b183f7a2adbd613f0e877839bdb4
- SHA512
  
  a49542a69ee2ee53ce5ef8db071c80aac38e8eb3a81c025a88229e431c990964dbf7011bdde20240665d791c038cef5cd1c43e02e1367b9ee9c4b4c01c42770b
Score

10^/10

neshta xloader ea0r loader persistence rat spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtaxloaderea0rloaderpersistenceratspywarestealer

© 2018-2024

Terms | Privacy