Overview

overview

10

Static

static

10

e7000e328f...3f.exe

windows7_x64

10

e7000e328f...3f.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e7000e328ff4f4c4aca5e0f096cd873be6225ffd694f4723f2e48b5288849b3f

  • Size

    2.4MB

  • Sample

    220524-bmgessbdd3

  • MD5

    66b936cb3969b8801feafb1dae2152dd

  • SHA1

    4988d0840f4a7867bcf2141ab03b2fe0261e0c2e

  • SHA256

    e7000e328ff4f4c4aca5e0f096cd873be6225ffd694f4723f2e48b5288849b3f

  • SHA512

    2efa5b2fefd644c933f04a8f6ed8862a88e7e1514be76620c7a242dbd3d43d03e2ecaef1b501ccab7756167fd18688d1c1122461aac1071476b1585a01f08d41

Score
10/10
neshtapersistencespyware

Malware Config

Targets

    • Target

      e7000e328ff4f4c4aca5e0f096cd873be6225ffd694f4723f2e48b5288849b3f

    • Size

      2.4MB

    • MD5

      66b936cb3969b8801feafb1dae2152dd

    • SHA1

      4988d0840f4a7867bcf2141ab03b2fe0261e0c2e

    • SHA256

      e7000e328ff4f4c4aca5e0f096cd873be6225ffd694f4723f2e48b5288849b3f

    • SHA512

      2efa5b2fefd644c933f04a8f6ed8862a88e7e1514be76620c7a242dbd3d43d03e2ecaef1b501ccab7756167fd18688d1c1122461aac1071476b1585a01f08d41

    Score
    10/10
    neshtapersistencespyware

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

1
T1042

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks