neshta | c9d1ef33ca6a91b13f43b764beb0fe55893d0345e6a49deefec01c8b9b9c1251 | Triage

Sharing

General

Target

c9d1ef33ca6a91b13f43b764beb0fe55893d0345e6a49deefec01c8b9b9c1251
Size

247KB
MD5

04d97184729b092f1d795778caec8927
SHA1

ee0a24536a64ed0803502501d6d6a1e336213063
SHA256

c9d1ef33ca6a91b13f43b764beb0fe55893d0345e6a49deefec01c8b9b9c1251
SHA512

c7cc2ec811f73c8b844281d689bfad03c89df321478e2cf2b4c3f0b46371bebf430349f1bfd8572d2588681189344b5b90e8a8b168ac3ac7c0d84521db1b23ec
SSDEEP

3072:sr85CIyy2RjLTuVyu7CJDgoMT3Q092+ZCInhNLFrb30BRtBZZg+i2QLFrb30BRtt:k9ny2RsQJ8zgkZCihJ0BXScSJ0BXScv

Score

10^/10

neshta sodinokibi

Malware Config

Signatures

Detect Neshta Payload 1 IoCs

Processes:

resource yara_rule

sample family_neshta
Neshta family
neshta
Sodinokibi family
sodinokibi

Files

c9d1ef33ca6a91b13f43b764beb0fe55893d0345e6a49deefec01c8b9b9c1251
.exe windows x86

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ