Overview

overview

10

Static

static

10

28d2db5be2...2b.exe

windows7_x64

10

28d2db5be2...2b.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    28d2db5be24d6b1ba8721646d1b0370e5f0660122283cd2dbcb0faf760940b2b

  • Size

    138KB

  • Sample

    220524-d4mn9ahfcj

  • MD5

    3f51592020f74b0499ecab9fb22597b2

  • SHA1

    66f8785648287bc5235903ac0cb73c808735adb2

  • SHA256

    28d2db5be24d6b1ba8721646d1b0370e5f0660122283cd2dbcb0faf760940b2b

  • SHA512

    82fadff70d5c7ac3be70fb7536863315fd650deea92056dec7b57fc531aa7dfeec1369807bbabd8a8687f21c4845da37ccb600a8a2783309fd46788abe78f31b

Score
10/10
neshtapersistencespyware

Malware Config

Targets

    • Target

      28d2db5be24d6b1ba8721646d1b0370e5f0660122283cd2dbcb0faf760940b2b

    • Size

      138KB

    • MD5

      3f51592020f74b0499ecab9fb22597b2

    • SHA1

      66f8785648287bc5235903ac0cb73c808735adb2

    • SHA256

      28d2db5be24d6b1ba8721646d1b0370e5f0660122283cd2dbcb0faf760940b2b

    • SHA512

      82fadff70d5c7ac3be70fb7536863315fd650deea92056dec7b57fc531aa7dfeec1369807bbabd8a8687f21c4845da37ccb600a8a2783309fd46788abe78f31b

    Score
    10/10
    neshtapersistencespyware

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

1
T1042

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks