Overview

overview

10

Static

static

10

78df678b2a...1c.exe

windows7_x64

10

78df678b2a...1c.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    78df678b2af8f1d4cf0f8ccc8423398cc2bafac6ad8056f3c4072bd59470c61c

  • Size

    630KB

  • Sample

    220523-3ykp5sabf3

  • MD5

    dd0ebd1e425cfa550e044cf7af8a2bd6

  • SHA1

    4f1c6d4f967c4b6b37a2631649c0b3226cf2590e

  • SHA256

    78df678b2af8f1d4cf0f8ccc8423398cc2bafac6ad8056f3c4072bd59470c61c

  • SHA512

    cd4424e2c50bb5a453715828af47ba8e40276f5d9284463ce89b637bbd4caaef91df60e356bf94ece1ffed9107468e9e49118f877cd69e62f538208b590e8d6c

Score
10/10
neshtapersistencespywarestealer

Malware Config

Targets

    • Target

      78df678b2af8f1d4cf0f8ccc8423398cc2bafac6ad8056f3c4072bd59470c61c

    • Size

      630KB

    • MD5

      dd0ebd1e425cfa550e044cf7af8a2bd6

    • SHA1

      4f1c6d4f967c4b6b37a2631649c0b3226cf2590e

    • SHA256

      78df678b2af8f1d4cf0f8ccc8423398cc2bafac6ad8056f3c4072bd59470c61c

    • SHA512

      cd4424e2c50bb5a453715828af47ba8e40276f5d9284463ce89b637bbd4caaef91df60e356bf94ece1ffed9107468e9e49118f877cd69e62f538208b590e8d6c

    Score
    10/10
    neshtapersistencespywarestealer

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks