General

  • Target

    2c935d198c7b89d6812ceedb05dfd8b885ee6fcd4e16dc434dfc21f0f19930eb

  • Size

    1.6MB

  • Sample

    220206-q9qz3sager

  • MD5

    c5e204baec4a3995fd6ccaef20f0888d

  • SHA1

    3e56bf9a91605df8aa6a576b5c2270c522926372

  • SHA256

    2c935d198c7b89d6812ceedb05dfd8b885ee6fcd4e16dc434dfc21f0f19930eb

  • SHA512

    93163d6c30ade44906198a81905f97454881f4dcdeee6cdc8dc620d4c09a5d0e0613715214e7baabc4745bc5f9b394e4d0788e2497f179d3043a8540757a20dd

Malware Config

Targets

    • Detect Neshta Payload

    • Modifies system executable filetype association

    • Neshta

      Neshta is a file-infecting virus: it writes its own code into other executable files so that it spreads when those files are run, corrupting them in the process.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (restricting execution to certain regions).

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

MITRE ATT&CK Enterprise v6

Tasks