neshta | 521e56bdd27018ee0f40341bf556f7748f2eebb32a4bd016789a6b7801d010ec[.]zip

General

Target

521e56bdd27018ee0f40341bf556f7748f2eebb32a4bd016789a6b7801d010ec.zip
Size

8.1MB
MD5

67a17b033c17e77708c1a918407985cb
SHA1

94bbcba3835d3b49de3ebcf8c9b8e7cc6ffab095
SHA256

40fe14bb211ec9fecbe5a3a8750bf1a8fd9104264f3f76178ac4b3778e656506
SHA512

11e6540204ccde4022eed99698ad1f68b6cc79ac5c7eca98bc0e5be858e7c0278455871f345ad2b843db3e8b6bc3e9909c00132ab229214736d5e0d01d85fc74
SSDEEP

196608:QTpw9gaBJmOEMWMf3wzUWOv/3gcByPlzzR90yyLYr4LoHg2ID:nmaHjPWIWUxvty9zzAB5oA2K

Score

10^/10

neshta

Detect Neshta payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/521e56bdd27018ee0f40341bf556f7748f2eebb32a4bd016789a6b7801d010ec	family_neshta

521e56bdd27018ee0f40341bf556f7748f2eebb32a4bd016789a6b7801d010ec.zip
.zip

Password: infected
521e56bdd27018ee0f40341bf556f7748f2eebb32a4bd016789a6b7801d010ec
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 12.7MB - Virtual size: 12.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ