General

  • Target

    9cbbb72f2c96701ef8ae93f0cf540e97a14b96ea6fcbdb6c13f0eacc3a1f39a9

  • Size

    1.7MB

  • Sample

    221029-h3y34sfda5

  • MD5

    49e4da6c8df0140e55d868e3589449da

  • SHA1

    36b887189105f1975fe5d03a906f6bd6eba19e43

  • SHA256

    9cbbb72f2c96701ef8ae93f0cf540e97a14b96ea6fcbdb6c13f0eacc3a1f39a9

  • SHA512

    942598433b78f54a7fac5ec351389ab5b2f68c557175febdaa7552a9f9e66014223fc587faba1e80a75e8976db5948897907016506e3f4b027d36bc69bca3f8c

  • SSDEEP

    24576:ja/pczg/t9cxnrAwNwHwLgJFExKRJe2hSlY9f1Q5ch:OpaKAnrAwNwHwLgJlHhSlYt1Q5+

Targets

    • Target

      9cbbb72f2c96701ef8ae93f0cf540e97a14b96ea6fcbdb6c13f0eacc3a1f39a9

    • Modifies system executable filetype association

      Rewrites the default value of HKCR\exefile\shell\open\command so that every .exe launched on the host runs the malware's dropped copy first, which then starts the program the user actually asked for. For Neshta this is the persistence mechanism; no Run key or service is needed, and restoring the association to "%1" %* without also removing the dropped file leaves the infector on disk.

    • Neshta

      Neshta is a file-infecting virus: it prepends its own body to executable files it finds on the host (including removable and network drives), so launching any infected program runs Neshta before the original code. Infected files therefore carry and spread the infector, and the other behaviours reported for this sample may belong to the host program Neshta infected rather than to Neshta itself.

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code the user configured in the registry (the Geo\Nation value under HKCU\Control Panel\International), most likely to geofence execution to or away from particular regions.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers target the browser profile directories where saved credentials, cookies, session tokens and autofill data are stored. Because Neshta is a file infector, a sample that triggers this alongside the Neshta signature is usually a stealer that Neshta has infected; treat the two behaviours as coming from separate code and analyse the host program after stripping the infector.
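
The "Modifies system executable filetype association" signature above is the one an incident responder can verify directly on a suspect host or on a registry export taken from it. The following check is an added example written for this page, not code from the sandbox or from the sample's author. It parses a Windows Registry Editor text export, reads the default value of HKEY_CLASSES_ROOT\exefile\shell\open\command, and reports whatever program has been interposed in front of "%1". The sample export embedded in the block is constructed for the example; the hijacker path in it is illustrative, not a value taken from this report.

```python
import re
from typing import Dict, Optional

# Stock value of HKCR\exefile\shell\open\command on a clean Windows install:
# the launched .exe is passed straight through together with its arguments.
DEFAULT_EXEFILE_COMMAND = '"%1" %*'
EXEFILE_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"


def interposed_program(command: str) -> Optional[str]:
    """Return the program a modified exefile command runs before the real
    target, or None when the association is the stock pass-through."""
    cmd = command.strip()
    if cmd == DEFAULT_EXEFILE_COMMAND:
        return None
    # Whatever precedes "%1" is executed instead of the clicked .exe.
    # The optional quote group handles both quoted and unquoted paths.
    m = re.match(r'^("?)(.+?)\1\s+"%1"', cmd)
    if m:
        return m.group(2)
    # Unrecognised shape (e.g. %1 without quotes, or no %1 at all):
    # report the whole value so an analyst looks at it.
    return cmd


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a REGEDIT4 / 'Windows Registry Editor Version 5.00' text export
    into {key_path: {value_name: data}}. Only string values are handled,
    which is all this check needs."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and "=" in line:
            name, data = line.split("=", 1)
            name = "(Default)" if name == "@" else name.strip('"')
            if data.startswith('"') and data.endswith('"'):
                # .reg files escape backslashes and quotes with a backslash.
                data = re.sub(r"\\(.)", r"\1", data[1:-1])
            keys[current][name] = data
    return keys


def check_exefile_association(reg_text: str) -> Optional[str]:
    """Return the hijacking program if the export shows a modified exefile
    association, else None (also None if the key is absent from the export)."""
    values = parse_reg_export(reg_text).get(EXEFILE_KEY, {})
    return interposed_program(values.get("(Default)", DEFAULT_EXEFILE_COMMAND))


def check_live_registry() -> Optional[str]:
    """Same check against the live registry; Windows only."""
    import winreg  # stdlib, present only on Windows builds of Python
    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, r"exefile\shell\open\command") as k:
        value, _ = winreg.QueryValueEx(k, "")
    return interposed_program(value)


# Constructed sample exports (not taken from the report). The hijacker path
# is illustrative; a real infector drops its copy under a name of its choice.
HIJACKED_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Windows\\svchost.com\" \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
"""

CLEAN_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
"""

if __name__ == "__main__":
    for label, export in (("hijacked", HIJACKED_REG_EXPORT), ("clean", CLEAN_REG_EXPORT)):
        print(label, "->", check_exefile_association(export))
```

On a live host the same value can be pulled with `reg export HKCR\exefile\shell\open\command out.reg` and fed to check_exefile_association, or checked in place with check_live_registry. Any result other than None means launching an .exe goes through another program first; remove that program as well as restoring the value, since Neshta re-applies the association when its dropped copy next runs.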

MITRE ATT&CK Enterprise v6