Overview

overview

10

Static

static

e939caa2f3...8c.exe

windows7-x64

10

e939caa2f3...8c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e939caa2f398e83820ed3c2430415091b3f12c6ae9fceadb63456b54b17b038c

  • Size

    800KB

  • Sample

    221121-ngpkfagc96

  • MD5

    229b7fd26b630d494dc540aead7d4610

  • SHA1

    b7f7d73069c3be43d80f33f4114a60d85faacbdf

  • SHA256

    e939caa2f398e83820ed3c2430415091b3f12c6ae9fceadb63456b54b17b038c

  • SHA512

    6fc2b77e36d36d7c6bacb580313988eed2ec9b80f3d0a3ea3f922947842dba7899e51ee16c8d3d84d4d117f9be701f2e75ea85d7e302986d1b9b849ae8d19b49

  • SSDEEP

    12288:B11jN3F+rRZcz2imUSmGkgoiFOFuavymTZ3DqGyUJWx5VybCODUbH89WLH:fh+rRZcz2fWGYiuFvpZO5YQHb

Score
10/10
neshtapersistencespywarestealer

Malware Config

Targets

    • Target

      e939caa2f398e83820ed3c2430415091b3f12c6ae9fceadb63456b54b17b038c

    • Size

      800KB

    • MD5

      229b7fd26b630d494dc540aead7d4610

    • SHA1

      b7f7d73069c3be43d80f33f4114a60d85faacbdf

    • SHA256

      e939caa2f398e83820ed3c2430415091b3f12c6ae9fceadb63456b54b17b038c

    • SHA512

      6fc2b77e36d36d7c6bacb580313988eed2ec9b80f3d0a3ea3f922947842dba7899e51ee16c8d3d84d4d117f9be701f2e75ea85d7e302986d1b9b849ae8d19b49

    • SSDEEP

      12288:B11jN3F+rRZcz2imUSmGkgoiFOFuavymTZ3DqGyUJWx5VybCODUbH89WLH:fh+rRZcz2fWGYiuFvpZO5YQHb

    Score
    10/10
    neshtapersistencespywarestealer

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

1
T1042

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks