Extracted

• • Target

    a03e9d78a3f0a89f5e9f98872635b6d8.exe

  • Size

    4.0MB

  • MD5

    a03e9d78a3f0a89f5e9f98872635b6d8

  • SHA1

    54b29a0a0d05e9deb1b28ea08e72545774dee65a

  • SHA256

    68652defc71770065997b7d60a64a3959446a114a2ee17a443a15ae8b767f150

  • SHA512

    d3513a9c5ffdd8f156f62fb986edb2b95005dcc49105020839d8fba02dff88aa77d6870eec52db2ad56ce7cd377c839ec26864130cba4b9d1ad62199828883db

  Score

  10^/10

  neshtaoskidiscoveryevasioninfostealerpersistencespywarestealerthemidatrojan

  • Detect Neshta payload

  • Modifies system executable filetype association

    persistence

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

    infostealeroski

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Checks whether UAC is enabled

    evasiontrojan
  behavioral1behavioral2