Overview

overview

10

Static

static

10

0ddb37e47f...38.exe

windows7_x64

10

0ddb37e47f...38.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0ddb37e47f360871dab68d650d8bbba479cc1d324de367548f7d56f27ffb2938

  • Size

    292KB

  • Sample

    220524-bcyw4aedan

  • MD5

    789db28b9459533be65f8b48c6bc25c2

  • SHA1

    24dce9c01068022540f8880fb3a7e6162a2cd35f

  • SHA256

    0ddb37e47f360871dab68d650d8bbba479cc1d324de367548f7d56f27ffb2938

  • SHA512

    a66d6646add416204600961af01f9c4476efd134902d4c50d6570ac80608ae3f6a6073c515c3b00721d89b4ed973bbb4c1399c34a296d418a72357bbb5a924e7

Score
10/10
neshtapersistencespywarestealer

Malware Config

Targets

    • Target

      0ddb37e47f360871dab68d650d8bbba479cc1d324de367548f7d56f27ffb2938

    • Size

      292KB

    • MD5

      789db28b9459533be65f8b48c6bc25c2

    • SHA1

      24dce9c01068022540f8880fb3a7e6162a2cd35f

    • SHA256

      0ddb37e47f360871dab68d650d8bbba479cc1d324de367548f7d56f27ffb2938

    • SHA512

      a66d6646add416204600961af01f9c4476efd134902d4c50d6570ac80608ae3f6a6073c515c3b00721d89b4ed973bbb4c1399c34a296d418a72357bbb5a924e7

    Score
    10/10
    neshtapersistencespywarestealer

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks