Overview

overview

10

Static

static

10

d3de8650be...a9.exe

windows7_x64

10

d3de8650be...a9.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d3de8650be06b7baef11e68977865d0aa4747d0cc6b8c0274185a5e79a06cea9

  • Size

    1.5MB

  • Sample

    220206-kd88wsgha8

  • MD5

    73092e6a2353b35b933645fa9ff4fb35

  • SHA1

    cfb11f292e46f5cc11d13d1021af52375bfda30e

  • SHA256

    d3de8650be06b7baef11e68977865d0aa4747d0cc6b8c0274185a5e79a06cea9

  • SHA512

    6b883b247ecfd902b97cdf39d74f0e290ceafe9380ad98a05f56ce0b62f4428ae225287c2a5358480847c81564d61e72a354e809544994146e1fc30e7ad525fd

Score
10/10
neshtaevasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      d3de8650be06b7baef11e68977865d0aa4747d0cc6b8c0274185a5e79a06cea9

    • Size

      1.5MB

    • MD5

      73092e6a2353b35b933645fa9ff4fb35

    • SHA1

      cfb11f292e46f5cc11d13d1021af52375bfda30e

    • SHA256

      d3de8650be06b7baef11e68977865d0aa4747d0cc6b8c0274185a5e79a06cea9

    • SHA512

      6b883b247ecfd902b97cdf39d74f0e290ceafe9380ad98a05f56ce0b62f4428ae225287c2a5358480847c81564d61e72a354e809544994146e1fc30e7ad525fd

    Score
    10/10
    neshtaevasionpersistencespywarestealertrojan

    • Detect Neshta Payload

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks