Overview

overview

10

Static

static

10

retakedesign.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    retakedesign.exe

  • Size

    7.4MB

  • Sample

    220303-nbh6gacfbn

  • MD5

    6f14ad4e2a863b0723ee5067b0e3bd0e

  • SHA1

    d4d74255e4d8f66d84e8b42f90cb00c0f66c5914

  • SHA256

    68bfdae82e42906e8c94f4e81c09c20609113c2d9cfdbf328ee5aaf783931e05

  • SHA512

    94d1deaf5bb6196244099c1ce5889c1a6f391939f692f521d388a8627c9831310392286a6de5a4d49d03f7faed91c88f1c551367151600b5d6ad71b963d944ab

Score
10/10
neshtapersistencespyware

Malware Config

Targets

    • Target

      retakedesign.exe

    • Size

      7.4MB

    • MD5

      6f14ad4e2a863b0723ee5067b0e3bd0e

    • SHA1

      d4d74255e4d8f66d84e8b42f90cb00c0f66c5914

    • SHA256

      68bfdae82e42906e8c94f4e81c09c20609113c2d9cfdbf328ee5aaf783931e05

    • SHA512

      94d1deaf5bb6196244099c1ce5889c1a6f391939f692f521d388a8627c9831310392286a6de5a4d49d03f7faed91c88f1c551367151600b5d6ad71b963d944ab

    Score
    10/10
    neshtapersistencespyware

    • Detect Neshta Payload

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks