General

  • Target

    618a9166244aab81c248adfd2c3f5bf85de8d4f4ef8fcc0e39b2207c9b54bdae

  • Size

    326KB

  • Sample

    220214-d992qsedb4

  • MD5

    d758c58945e88d979be50145ae2f844d

  • SHA1

    3555e08265bd19a5edf608a5b9b7ee8534e5bd2c

  • SHA256

    618a9166244aab81c248adfd2c3f5bf85de8d4f4ef8fcc0e39b2207c9b54bdae

  • SHA512

    9b727a796e4bf15296a70fee8ca9b5de11e72f06cdcf723904d1f857bb1d7fad9db573754f65963d3c9b32a2532bfb9d6fde11cde4ae61058b42a0a8657db3fe

Targets

    • Target

      618a9166244aab81c248adfd2c3f5bf85de8d4f4ef8fcc0e39b2207c9b54bdae

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other things.
