Overview

overview

10

Static

static

10

86e8d22906...4d.exe

windows7_x64

10

86e8d22906...4d.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    86e8d22906fd550d52dcc6c2352b2c1a3eb6798c1010ae2424a6523f89dfb34d

  • Size

    338KB

  • Sample

    220524-qv8lkscgc8

  • MD5

    39e4a765f9f5bd83bafb10167abe3d3b

  • SHA1

    7661eb228a62c9076cb954a207f452b4934947f1

  • SHA256

    86e8d22906fd550d52dcc6c2352b2c1a3eb6798c1010ae2424a6523f89dfb34d

  • SHA512

    f02604a7762bdc559b45a51a4336fba8091aed6b11d78dfc4bc48728fbfa39485ae54196fe8b5115310b0ae6d1ff35eaba00ea2e01d307f8ef9935c3eba4b067

Score
10/10
neshtapersistencespyware

Malware Config

Targets

    • Target

      86e8d22906fd550d52dcc6c2352b2c1a3eb6798c1010ae2424a6523f89dfb34d

    • Size

      338KB

    • MD5

      39e4a765f9f5bd83bafb10167abe3d3b

    • SHA1

      7661eb228a62c9076cb954a207f452b4934947f1

    • SHA256

      86e8d22906fd550d52dcc6c2352b2c1a3eb6798c1010ae2424a6523f89dfb34d

    • SHA512

      f02604a7762bdc559b45a51a4336fba8091aed6b11d78dfc4bc48728fbfa39485ae54196fe8b5115310b0ae6d1ff35eaba00ea2e01d307f8ef9935c3eba4b067

    Score
    10/10
    neshtapersistencespyware

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

1
T1042

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks