Overview

overview

10

Static

static

058c52662d...7f.exe

windows7-x64

10

058c52662d...7f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    058c52662da15f6bf89746c0e4fea38a9e7a6ec126178320a50c810efad2547f

  • Size

    468KB

  • Sample

    221019-3zdm8adgf4

  • MD5

    909327c7d88bf250525c282ab0fd2958

  • SHA1

    19510c06bef12f19fd842890960f22812c845356

  • SHA256

    058c52662da15f6bf89746c0e4fea38a9e7a6ec126178320a50c810efad2547f

  • SHA512

    78da87149fd058dda2fe382efb7486e884966998078c20a381bafd659fe02068c5e2099b985933dd5d97a50ea294c94ac35af7de83b977c33dba7da13fa25183

  • SSDEEP

    12288:Ygu75iqoEDSYpoG8R9/nc3RFiCf8fwISSgYx5PM:HXBgisO

Score
10/10
neshtapersistencespyware

Malware Config

Targets

    • Target

      058c52662da15f6bf89746c0e4fea38a9e7a6ec126178320a50c810efad2547f

    • Size

      468KB

    • MD5

      909327c7d88bf250525c282ab0fd2958

    • SHA1

      19510c06bef12f19fd842890960f22812c845356

    • SHA256

      058c52662da15f6bf89746c0e4fea38a9e7a6ec126178320a50c810efad2547f

    • SHA512

      78da87149fd058dda2fe382efb7486e884966998078c20a381bafd659fe02068c5e2099b985933dd5d97a50ea294c94ac35af7de83b977c33dba7da13fa25183

    • SSDEEP

      12288:Ygu75iqoEDSYpoG8R9/nc3RFiCf8fwISSgYx5PM:HXBgisO

    Score
    10/10
    neshtapersistencespyware

    • Detect Neshta payload

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks