General

  • Target

    8c0511a6708655d5eb086e69e6d7817b05cfdfb774d23462b93569f9b2d1f5dd

  • Size

    1.1MB

  • Sample

    221001-wkavfsaeem

  • MD5

    6adec6ff0c84cd0d2b8f2758f9fd5590

  • SHA1

    a993e05c6e3400cadd7a444018ec424220cc7ff6

  • SHA256

    8c0511a6708655d5eb086e69e6d7817b05cfdfb774d23462b93569f9b2d1f5dd

  • SHA512

    b8279ea0fafc5e8bf26d2292a6995c00cd8f35aaba948702c28049133d7e9445fe442d7fc6bbe63b568f19ee8277a72d4f2afed56379737988cd85d86ad7a026

  • SSDEEP

    24576:ZzLCFOoz9//Q9djUE1bNJT4qodmPLdu4chv:Js//Q9FFneR

Targets

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Suspicious use of SetThreadContext
