General

  • Target

    879c28cf41c4f3c341214d05ff7bedc0c244f43c1beea4cce451ce1a3b680640

  • Size

    1.5MB

  • Sample

    220206-m8mdqahgck

  • MD5

    09f222a0aa9752f778bc5a5b576da9be

  • SHA1

    3570e76c59754b502f6c2b784acaf81b4ad4838d

  • SHA256

    879c28cf41c4f3c341214d05ff7bedc0c244f43c1beea4cce451ce1a3b680640

  • SHA512

    f3a82483f4b2cdfd8c7ba9510f49e3bbfeb116f1ced310063febd68522e38a1e553dd76d22aaa3bfc930e8590d8bcb7be90d83306c134953d29284d9436e8b44

Targets

    • Target

      879c28cf41c4f3c341214d05ff7bedc0c244f43c1beea4cce451ce1a3b680640

    • Detect Neshta Payload

    • Modifies system executable filetype association

    • Neshta

      Neshta is a file infector. It copies itself to %WINDIR%\svchost.com, points the .exe file-type association at that copy (the association change flagged above) so that every executable launch runs the virus first, and prepends its own code to other executables it finds, which is how it spreads between files and corrupts them.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured under Control Panel\International in the registry; malware commonly uses this to geofence, i.e. to refuse to run in particular regions.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Reads files under web browser user profiles. Infostealers target this data because it holds saved credentials, cookies and session tokens, and autofill entries.

    • Checks whether UAC is enabled

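The "Modifies system executable filetype association" signature refers to the default value of HKLM\SOFTWARE\Classes\exefile\shell\open\command, which is normally "%1" %* (run the .exe as given with its arguments). Anything placed in front of "%1" is executed on every .exe launch. The following checker is an added example written for this page, not code from the sandbox or from the Neshta sample: it classifies such a value as stock, merely modified, or hijacked, reads the live value on Windows (both the machine-wide key and the per-user HKCU\Software\Classes override), and otherwise runs against constructed sample values, including a Neshta-style one built from the svchost.com path described above.

```python
"""Added example: triage the .exe file-type association for interposed programs."""
import re

# Stock value of HKLM\SOFTWARE\Classes\exefile\shell\open\command on Windows.
DEFAULT_COMMAND = '"%1" %*'

# Registry locations to inspect; HKCU\Software\Classes overrides HKLM for the user.
ASSOCIATION_KEYS = (
    ("HKLM", r"SOFTWARE\Classes\exefile\shell\open\command"),
    ("HKCU", r"Software\Classes\exefile\shell\open\command"),
)


def assess_exe_association(command):
    """Classify an exefile open command.

    Returns ("default", None) for the stock handler, ("hijacked", program)
    when a program is interposed before "%1", and ("modified", None) when the
    value differs from stock but nothing runs ahead of the target executable.
    """
    normalized = " ".join(command.strip().split())
    if normalized.lower() == DEFAULT_COMMAND.lower():
        return ("default", None)
    # The launched executable is referenced as %1, quoted or not.
    match = re.search(r'"?%1"?', normalized)
    if match is None or match.start() == 0:
        return ("modified", None)
    interposed = normalized[:match.start()].strip().strip('"')
    return ("hijacked", interposed)


def read_live_exe_associations():
    """Read the live values on Windows; returns {} elsewhere (winreg is Windows-only).

    Missing keys are reported as None so an absent HKCU override is visible.
    """
    try:
        import winreg
    except ImportError:
        return {}
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    found = {}
    for hive_name, path in ASSOCIATION_KEYS:
        try:
            with winreg.OpenKey(hives[hive_name], path) as key:
                value, _ = winreg.QueryValueEx(key, "")  # "" = the (Default) value
            found[hive_name + "\\" + path] = value
        except OSError:
            found[hive_name + "\\" + path] = None
    return found


def report(values):
    """Apply assess_exe_association to a {key: value} mapping; returns verdict lines."""
    lines = []
    for location, value in values.items():
        if value is None:
            lines.append(f"{location}: (absent)")
            continue
        verdict, program = assess_exe_association(value)
        detail = f" -> runs {program} before every .exe" if program else ""
        lines.append(f"{location}: {verdict}{detail}  [{value}]")
    return lines


if __name__ == "__main__":
    live = read_live_exe_associations()
    if not live:
        # Constructed sample values (assumed, not taken from the report):
        # the stock handler, a Neshta-style redirect through %WINDIR%\svchost.com,
        # and an unquoted variant of the same hijack.
        live = {
            "HKLM\\...\\exefile\\shell\\open\\command": '"%1" %*',
            "sample-neshta-style": r'%WINDIR%\svchost.com "%1" %*',
            "sample-unquoted": r'C:\Windows\svchost.com %1 %*',
        }
    for line in report(live):
        print(line)
```

On a suspect host, compare the HKLM value with the HKCU override as well: a clean HKLM key does not help if the per-user key has been pointed at a dropped binary, and the per-user key is writable without administrator rights.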