Static task
static1
Behavioral task
behavioral1
Sample
e91e4a074ca4d73c0755b0a1d35450f7ef856ced90988bf863849b58f8e6cca7.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
e91e4a074ca4d73c0755b0a1d35450f7ef856ced90988bf863849b58f8e6cca7.exe
Resource
win10v2004-en-20220112
General
Target: e91e4a074ca4d73c0755b0a1d35450f7ef856ced90988bf863849b58f8e6cca7
Size: 1.4MB
MD5: b15b34d72af29e78a6b139277751f5e3
SHA1: e0cd7391d86b3145e1264f7a3c2ac388a786762c
SHA256: e91e4a074ca4d73c0755b0a1d35450f7ef856ced90988bf863849b58f8e6cca7
SHA512: beda69d7b153207d30348b2ff99f86e382ac3c565aae0e2d7987874f00a6b3bf13ad36f7864aee4018a8290cbaa926c7a0dbf98af989c68ce98640d10e890705
SSDEEP: 24576:m8e0tExrMGAQTgn1BxWxnHXFeWinsZz2TJu7xoiHadojLaal0N3lcNY/imV+iD6c:vGxrMGAKgBqXEy2TJu7xRadoCayN3lks
Malware Config
Signatures
Detect Neshta Payload 1 IoCs
Processes:
resource yara_rule sample family_neshta -
Neshta family
Files
e91e4a074ca4d73c0755b0a1d35450f7ef856ced90988bf863849b58f8e6cca7.exe windows x86
Code Sign
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 1024B - Virtual size: 536B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 42KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ