General

  • Target

    f6319117288471b42d4935c3972b20fbfbfaad0f4811aaba2561eff4ba1c4b98

  • Size

    5.6MB

  • Sample

    220731-eqnvtsfgc6

  • MD5

    e5dc0eb2e26a15f8a853aa7d59f60efa

  • SHA1

    26e16ced234195d062309d7983a50d27dd233998

  • SHA256

    f6319117288471b42d4935c3972b20fbfbfaad0f4811aaba2561eff4ba1c4b98

  • SHA512

    9160b2dd0dc58cc4132eaef34cb89097d2b4315b67aad3ff9b148f77bf5f0525bf037f83847709ee87150f4ae362dc13760f79fb723e345e7262f5a0032b1513

Malware Config

Targets

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v6

Tasks