General

  • Target

    065b4342858e70cc71fb13912dbffb3662f8bfa21bfed3baeb697c2a5605df48

  • Size

    254KB

  • Sample

    221118-2dmhkaeg9w

  • MD5

    27bb96356c8fb415ba550729359681d0

  • SHA1

    678b5c42411c6779c2605b5ed7934669d97f6a59

  • SHA256

    065b4342858e70cc71fb13912dbffb3662f8bfa21bfed3baeb697c2a5605df48

  • SHA512

    f6affda4ea5073da2f83bd5fa8fb95b483fa02cc933f2dbb1099eacd48e91808596bd2c79136528b0b4b9f49f022fc1e17e1f5e5c5a97643584442b2befd3fe8

  • SSDEEP

    3072:sr85CsQVM+ILNJzIS5Q3S0lPqp0MQ3Ml2LKQD:k9sQ6JveSHQ3M9QD

Targets

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.
