General

  • Target

    311d0b7e6bf359f76592cd02483eddd53e27ae4583162cff364c7d1d857d5b97

  • Size

    2.5MB

  • Sample

    220523-zpdzfsgae2

  • MD5

    2ed88332567056bfef2764f5adc6dfc0

  • SHA1

    b7ad555c0ce377f5484950d0c374ffcc7f56d974

  • SHA256

    311d0b7e6bf359f76592cd02483eddd53e27ae4583162cff364c7d1d857d5b97

  • SHA512

    2cfccd0f056c598ddf584362c2b24b7fa7ef505a31bfe6b3d91a901ccb8cc66e49321afbcf1af081b9994845bf1b521b0ad381667eb9337de0f360df91c1b6de

Malware Config

Targets

    • Target

      311d0b7e6bf359f76592cd02483eddd53e27ae4583162cff364c7d1d857d5b97


    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is a file infector: it injects its own code into other executable files in order to spread and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v6

Tasks