neshta | e125ef182c6de161f75933a552c39677d842d854c317da92518191054fd83f37 | Triage

Sharing

General

Target

e125ef182c6de161f75933a552c39677d842d854c317da92518191054fd83f37
Size

198KB
MD5

858c29efee084e86616b21fdc4d2a3de
SHA1

d642f7ecda3fa135761d68eb20f44d66eba798fa
SHA256

e125ef182c6de161f75933a552c39677d842d854c317da92518191054fd83f37
SHA512

673ffc06a6c2b66808c4b174d9b90d440b320b63c4076731bf6f96fbf33ef56e8930b4ce0ec4b0e9f710f1db952cb6b1bb178a1540d6d76950dd9c646e22e1e1
SSDEEP

3072:Or85CuLbi4eTMlwDCnuZ3puJ1ni8Iy8EytZ:O9ebnWJZ3P8IUyT

Score

10^/10

neshta sodinokibi

Malware Config

Signatures

Detect Neshta Payload 1 IoCs

Processes:

resource yara_rule

sample family_neshta
Neshta family
neshta
Sodinokibi family
sodinokibi
Sodinokibi/Revil sample 1 IoCs

Processes:

resource yara_rule

sample family_sodinokobi

Files

e125ef182c6de161f75933a552c39677d842d854c317da92518191054fd83f37
.exe windows x86

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ