Static task
static1
Behavioral task
behavioral1
Sample
3848ddee2590966f7b46e221d6a4df3e4b72d68c2624cad0c333eee09f0143d5.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
3848ddee2590966f7b46e221d6a4df3e4b72d68c2624cad0c333eee09f0143d5.exe
Resource
win10v2004-en-20220112
General
-
Target
3848ddee2590966f7b46e221d6a4df3e4b72d68c2624cad0c333eee09f0143d5
-
Size
5.6MB
-
MD5
9fdf25377a0368ae22b809ba47b5eef8
-
SHA1
32b3a2e01733a825df61e0c3d316c0a8a2bf62a5
-
SHA256
3848ddee2590966f7b46e221d6a4df3e4b72d68c2624cad0c333eee09f0143d5
-
SHA512
ea304caa721c91639d9b46e16490488ed923f82a5cab6efdf56bf417ddad8aec8c72485bef4273381acb4dd66a2eedbb039af242575268dedb479c76fe72965f
-
SSDEEP
98304:Wx/P1Xb2poSdCEpH3X/YtARu6MpC6IE4Qn9BuB3:WxlXb2pXdCEVC9kK
Malware Config
Signatures
-
Detect Neshta Payload 1 IoCs
Processes:
resource yara_rule sample family_neshta -
Neshta family
-
Nirsoft 1 IoCs
Processes:
resource yara_rule sample Nirsoft -
NirSoft WebBrowserPassView 1 IoCs
Password recovery tool for various web browsers
Processes:
resource yara_rule sample WebBrowserPassView
Files
-
3848ddee2590966f7b46e221d6a4df3e4b72d68c2624cad0c333eee09f0143d5.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 5.6MB - Virtual size: 5.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ