General

  • Target

    3e884ca4649cea327a01cffc82cbac8130d7d28a043af13f40b930b09f491a82

  • Size

    5.1MB

  • Sample

    220524-c54hqagbbl

  • MD5

    0d8b868fa595f8e4a36b4c5766397a65

  • SHA1

    a85ce3c347e889aa18efcb4dbbad40a50dc9bf97

  • SHA256

    3e884ca4649cea327a01cffc82cbac8130d7d28a043af13f40b930b09f491a82

  • SHA512

    db2b0f8ffe03d7c3348c94de2bb3b2184e399494bf8c18ff81d5b7b20b0e261a239f9f09c4668239f23d5f5671cec03a9246eba988998305af06873f12142234

Targets

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.
