General

  • Target

    82a645970da492ee34918e208fc2c0195be9a8e0c07ab86d39842cfe6974d08e

  • Size

    128KB

  • Sample

    220213-p15anscack

  • MD5

    4e31fd6664bad6e5ca238c9dd4950758

  • SHA1

    4f267300e254b8a1a07fabb8f0b7ef9a88fe7aa5

  • SHA256

    82a645970da492ee34918e208fc2c0195be9a8e0c07ab86d39842cfe6974d08e

  • SHA512

    0be72dec927fcacc713de0def97a7b639ee1a4f159d3c631b14e0ec2638572807d76c95fe2f03df83c186d960c70cfd1f1d629e2814b867425b24ae9f1e8089e

Malware Config

Targets

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread itself and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v6