General

  • Target

    49233a7ee26c31148bd1aac90c85f35f94577cd6c39c884f058fde7ee37129f4

  • Size

    798KB

  • Sample

    220211-gdahsadadp

  • MD5

    fb05f6f3f0d4b4e50af8a270d4d6b527

  • SHA1

    84424b6f3ab0659889269d1d670399b2d8ed229e

  • SHA256

    49233a7ee26c31148bd1aac90c85f35f94577cd6c39c884f058fde7ee37129f4

  • SHA512

    b8e5bb89084a1d305483abd1669759ed8859845d0b127603d66b76e85075f5f71f82651736c4074ecc511a7f14c12b7c37f4fcb9a71022330875516c2ca8733c

Malware Config

Targets

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v6

Tasks