neshta | 1ea166c429a8bb605cb48e6b03f11c357fbdff43ab1636375ea34e3d945faf1b

Resubmissions

31-01-2022 12:28

220131-pnkqhahbdl 10

25-01-2022 13:26

220125-qpjp9sgfh9 10

25-01-2022 13:25

220125-qpca7agfh8 10

24-01-2022 02:26

220124-cw99xaadcr 10

Sharing

Copy URL

Twitter E-mail

Reason

config extraction: CfgExtr crashed: runtime error: slice bounds out of range [:50702] with capacity 32736

General

Target

1ea166c429a8bb605cb48e6b03f11c357fbdff43ab1636375ea34e3d945faf1b
Size

246KB
MD5

5bbb7f2d5bb5011752c1cdc1b7afdf0c
SHA1

b9735eb85f04a4755d9080bcd2dcf31e3a586e3f
SHA256

1ea166c429a8bb605cb48e6b03f11c357fbdff43ab1636375ea34e3d945faf1b
SHA512

7d4600f720841e18a17dff7afa4d7b3a7bf8e4f3f0351f37c16522ab405cbb0f4af4971a6c505cd2f036a9efaaf1fbd056c30b36271d58df01460d0d62eecf91
SSDEEP

6144:WhS36nPE3BLPi7O93Ngnr2PszSw02sg9:iS36M19d5wxs

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta Payload 1 IoCs

Processes:

resource yara_rule

sample family_neshta
Neshta family
neshta

resource	yara_rule
sample	family_neshta

Files

1ea166c429a8bb605cb48e6b03f11c357fbdff43ab1636375ea34e3d945faf1b
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 47.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.toy
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gamo
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.woj
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zamixi
Size: 512B - Virtual size: 346B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.roj
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dbgfudv
Size: 512B - Virtual size: 3B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sggsgds
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

Errors

General

Malware Config

Signatures

Files

Code Sign

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 197KB - Virtual size: 197KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 8KB - Virtual size: 47.3MB

.text Size: 28KB - Virtual size: 28KB

.toy Size: 1024B - Virtual size: 1024B

.gamo Size: 512B - Virtual size: 1B

.woj Size: 1024B - Virtual size: 1024B

.zamixi Size: 512B - Virtual size: 346B

.roj Size: 512B - Virtual size: 85B

.dbgfudv Size: 512B - Virtual size: 3B

.sggsgds Size: 512B - Virtual size: 12B

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 220B

.rsrc Size: 27KB - Virtual size: 26KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 197KB - Virtual size: 197KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 8KB - Virtual size: 47.3MB

.text
Size: 28KB - Virtual size: 28KB

.toy
Size: 1024B - Virtual size: 1024B

.gamo
Size: 512B - Virtual size: 1B

.woj
Size: 1024B - Virtual size: 1024B

.zamixi
Size: 512B - Virtual size: 346B

.roj
Size: 512B - Virtual size: 85B

.dbgfudv
Size: 512B - Virtual size: 3B

.sggsgds
Size: 512B - Virtual size: 12B

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 220B

.rsrc
Size: 27KB - Virtual size: 26KB

.reloc
Size: 9KB - Virtual size: 8KB