Overview

overview

10

Static

static

10

19d48d20b9...64.exe

windows7_x64

10

19d48d20b9...64.exe

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    19d48d20b913323e176a92e29067d817742c7fe928db704079bbd472af04dd64

  • Size

    923KB

  • Sample

    220524-r95znsfca8

  • MD5

    4d42a69f6e64c6cddf46dae65cf831b3

  • SHA1

    8bb21d34d384459fdc05f571fc96849bc47a10c0

  • SHA256

    19d48d20b913323e176a92e29067d817742c7fe928db704079bbd472af04dd64

  • SHA512

    f8f481f8ffdcf36880ea10425db4bb62f46b794fc374fea3773d210bcc301bbda1ea4a11e123cc996f2e7b40950f2276e8c518b0d0882841c90f9932cc0cfc3a

Score
10/10
neshtapersistencespyware

Malware Config

Targets

    • Target

      19d48d20b913323e176a92e29067d817742c7fe928db704079bbd472af04dd64

    • Size

      923KB

    • MD5

      4d42a69f6e64c6cddf46dae65cf831b3

    • SHA1

      8bb21d34d384459fdc05f571fc96849bc47a10c0

    • SHA256

      19d48d20b913323e176a92e29067d817742c7fe928db704079bbd472af04dd64

    • SHA512

      f8f481f8ffdcf36880ea10425db4bb62f46b794fc374fea3773d210bcc301bbda1ea4a11e123cc996f2e7b40950f2276e8c518b0d0882841c90f9932cc0cfc3a

    Score
    10/10
    neshtapersistencespyware

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

1
T1042

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks