General

  • Target

    PURCHASE ORDER No. 2210748.exe

  • Size

    60KB

  • Sample

    220906-qvbxlsagfp

  • MD5

    8626c81eed96c8096820864fc005d248

  • SHA1

    b383487bcda8ac2a8763a31cc9de3b1ddea472cd

  • SHA256

    1e6e0886d9d29f56259e1a5a7890727af76f8f46011341f755381704aa32ce36

  • SHA512

    41187c9b45ee252d46718d37d1563a958a487f33e60592c7ed3f1db8a8911727ab95eef254eb57e4247dd68ae5298bf23631fb0ac721d053df62c7302826ed37

  • SSDEEP

    1536:75XYNK5uDUaQl+kzdC9GiZQWSwi/fUpS/fX/MNZ:7CQ5uis1Jy///f/M7

Malware Config

Targets

    • Target

      PURCHASE ORDER No. 2210748.exe

    • Detect Neshta payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is a file infector: it injects itself into other executables in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks