Overview

overview

10

Static

static

cc3d4f7ab2...0f.exe

windows7-x64

10

cc3d4f7ab2...0f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cc3d4f7ab283467f9d12ee695f9f15e13695758ecad9a10e5d00391bac289f0f

  • Size

    1.0MB

  • Sample

    221124-cnkdhsec3y

  • MD5

    63a9412ac3ee7fc57a66646f11d8efef

  • SHA1

    1244a5b077392406c72a757901ba29c36ea877ba

  • SHA256

    cc3d4f7ab283467f9d12ee695f9f15e13695758ecad9a10e5d00391bac289f0f

  • SHA512

    88716c17af7db1fa640e5fbebe71d1d5545fdf482b2ac7239b6152f3a773a7bbca5d6efffb48d2956b1f6b8e412477414705799df6cc7f56cb7f6312e460f0fd

  • SSDEEP

    24576:TWH1iyyz2io8ipYgNBdr9eRfVdFZNFF0hT:CHRoDF7FYT

Score
10/10
neshtapersistencespyware

Malware Config

Targets

    • Target

      cc3d4f7ab283467f9d12ee695f9f15e13695758ecad9a10e5d00391bac289f0f

    • Size

      1.0MB

    • MD5

      63a9412ac3ee7fc57a66646f11d8efef

    • SHA1

      1244a5b077392406c72a757901ba29c36ea877ba

    • SHA256

      cc3d4f7ab283467f9d12ee695f9f15e13695758ecad9a10e5d00391bac289f0f

    • SHA512

      88716c17af7db1fa640e5fbebe71d1d5545fdf482b2ac7239b6152f3a773a7bbca5d6efffb48d2956b1f6b8e412477414705799df6cc7f56cb7f6312e460f0fd

    • SSDEEP

      24576:TWH1iyyz2io8ipYgNBdr9eRfVdFZNFF0hT:CHRoDF7FYT

    Score
    10/10
    neshtapersistencespyware

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Change Default File Association

1
T1042

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks