Overview

overview

10

Static

static

ORDER_Paym...df.exe

windows7_x64

10

ORDER_Paym...df.exe

windows10-2004_x64

4

Sharing

Copy URL
Twitter E-mail

General

  • Target

    79c821ae5a32fdf89c5e2dafb4e3640b77cab1c02b2cbf522a783258d314c75d

  • Size

    763KB

  • Sample

    220221-njn2pabaej

  • MD5

    77eb6fdb0e6401e66c593b9e7cbb8b75

  • SHA1

    130cec5bb3cbeea94aa465b2a34052659a6d96f5

  • SHA256

    79c821ae5a32fdf89c5e2dafb4e3640b77cab1c02b2cbf522a783258d314c75d

  • SHA512

    734ed4e6c302ce43cd6384acdfbef193fee31f23f5080951859d2159b292f3b8008ee17878939a263a8782668b4b3e1c55ce3fb7d5004ad878d5acfecfd24bda

Score
10/10
neshtapersistencespywarestealer

Malware Config

Targets

    • Target

      ORDER_Payment delay order_pdf.exe

    • Size

      1.3MB

    • MD5

      69809a06bb1bcf7e37c23806d1999556

    • SHA1

      3ec602156676d4014078392abb6b757f64d314dd

    • SHA256

      a13d885104ce1f6005c956cb50e82aec853b48b98c881d6b71fda31580f139f7

    • SHA512

      cb6a9b87486fe999fbb8626fcea61a00b439c59d696b618c1f83fe131addf9f1c2417a8d77a811f8b917a52c97cdbe5cd10a15f35e248c71d4007567cd34938e

    Score
    10/10
    neshtapersistencespywarestealer

    • Detect Neshta Payload

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • .NET Reactor proctector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks