Overview

overview

10

Static

static

71c87fa025...98.exe

windows7_x64

10

71c87fa025...98.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    71c87fa0253635f3563d6e605e893d02d87b00d59437cb3a0ab75dcf96596f98

  • Size

    1.5MB

  • Sample

    220206-nxwcxshhc2

  • MD5

    4ad767ee5e28521f721ea2a08baa20b3

  • SHA1

    3f088abcd0221ede88367146b08737b119c10c73

  • SHA256

    71c87fa0253635f3563d6e605e893d02d87b00d59437cb3a0ab75dcf96596f98

  • SHA512

    50b044523e8f8e9c027385edf037aa513a1297601af80682299b56fa6f87bf2fe1660ea8ea8b14201fb4204942a3a826b3cccd43c2309d8777f1c4c55878e67d

Score
10/10
neshtapersistencespywarestealer

Malware Config

Targets

    • Target

      71c87fa0253635f3563d6e605e893d02d87b00d59437cb3a0ab75dcf96596f98

    • Size

      1.5MB

    • MD5

      4ad767ee5e28521f721ea2a08baa20b3

    • SHA1

      3f088abcd0221ede88367146b08737b119c10c73

    • SHA256

      71c87fa0253635f3563d6e605e893d02d87b00d59437cb3a0ab75dcf96596f98

    • SHA512

      50b044523e8f8e9c027385edf037aa513a1297601af80682299b56fa6f87bf2fe1660ea8ea8b14201fb4204942a3a826b3cccd43c2309d8777f1c4c55878e67d

    Score
    10/10
    neshtapersistencespywarestealer

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks