Overview

overview

10

Static

static

10

bb3217d01b...de.exe

windows7_x64

10

bb3217d01b...de.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bb3217d01b9e6523c76e8436248cc2a324ef02fdde24b657c6f871d77b6dffde

  • Size

    231KB

  • Sample

    220523-3zdyzsdeel

  • MD5

    bc8c8b7f8b8d53b737b4b1dc67fbde1d

  • SHA1

    6fe6fecc194ec5ceb7103fb35a74bb473606dcd0

  • SHA256

    bb3217d01b9e6523c76e8436248cc2a324ef02fdde24b657c6f871d77b6dffde

  • SHA512

    0d338306e000757d19562a7eb158b9fa750bc72b95dacee746c7fa6f571c4eaf6dc25689f51d4f3d442c518b06f75cc9640bbd1ae32565ddbae5691b14da3bbb

Score
10/10
neshtapersistencespywarestealer

Malware Config

Targets

    • Target

      bb3217d01b9e6523c76e8436248cc2a324ef02fdde24b657c6f871d77b6dffde

    • Size

      231KB

    • MD5

      bc8c8b7f8b8d53b737b4b1dc67fbde1d

    • SHA1

      6fe6fecc194ec5ceb7103fb35a74bb473606dcd0

    • SHA256

      bb3217d01b9e6523c76e8436248cc2a324ef02fdde24b657c6f871d77b6dffde

    • SHA512

      0d338306e000757d19562a7eb158b9fa750bc72b95dacee746c7fa6f571c4eaf6dc25689f51d4f3d442c518b06f75cc9640bbd1ae32565ddbae5691b14da3bbb

    Score
    10/10
    neshtapersistencespywarestealer

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks