Overview

overview

10

Static

static

10

69e1bef1f8...36.exe

windows7_x64

10

69e1bef1f8...36.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    69e1bef1f8d32fa37d5809f923039b5cd35b11ac6f4c56b0fa5851395f4ae436

  • Size

    178KB

  • Sample

    220201-nzjrxaech5

  • MD5

    5f0497a125d9102611b56aa478069140

  • SHA1

    3cf78faf32b1ee7bfdacf82f90e0e0bb34b82997

  • SHA256

    69e1bef1f8d32fa37d5809f923039b5cd35b11ac6f4c56b0fa5851395f4ae436

  • SHA512

    bfd767d7a2d169603c2e58c8ccf1ac08acabdd05c771d9aa9e8c775e4d60fdd58a84ca52149a686b1938afb7a93652df923e8eef517367888bca130bbb5092f2

Score
10/10
neshtapersistencespywarestealer

Malware Config

Targets

    • Target

      69e1bef1f8d32fa37d5809f923039b5cd35b11ac6f4c56b0fa5851395f4ae436

    • Size

      178KB

    • MD5

      5f0497a125d9102611b56aa478069140

    • SHA1

      3cf78faf32b1ee7bfdacf82f90e0e0bb34b82997

    • SHA256

      69e1bef1f8d32fa37d5809f923039b5cd35b11ac6f4c56b0fa5851395f4ae436

    • SHA512

      bfd767d7a2d169603c2e58c8ccf1ac08acabdd05c771d9aa9e8c775e4d60fdd58a84ca52149a686b1938afb7a93652df923e8eef517367888bca130bbb5092f2

    Score
    10/10
    neshtapersistencespywarestealer

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Executes dropped EXE

    • Sets service image path in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks