neshta | a4566ce588faa71c5e206342f744dd74e56e89656b23caebad5f03f7f9e49949 | Triage

Submit
Reports

Overview

overview

Static

static

0e2dd048c0...f5.exe

windows7-x64

0e2dd048c0...f5.exe

windows10-2004-x64

Sharing

General

Target

0e2dd048c0bd77d954c55f5986c8d971e99f1aa00900145fdf6f2bd43be7dff5
Size

1.1MB
Sample

221126-byzqhsfe8x
MD5

b7e0e3bc8eed672925e5178f86e5ae76
SHA1

8a95d607baf432751892c23dfa301b1212b8a151
SHA256

a4566ce588faa71c5e206342f744dd74e56e89656b23caebad5f03f7f9e49949
SHA512

f0ddb81595df5188f5f31d00fda6527fbddd5cc7dc8f6eae2e10d0a60d5c561b9021eb4fbc349706c555f08300a7af012178821a47ede2b3ec80a45586cda017
SSDEEP

24576:CT5oniNvHZlzbjB+dQz+gIqbm/fgMvHWxp0jBcHGffg9YmWiyJ8T:A5onSlvNeZqbmQIhCifC1yq

Score

10^/10

neshta xmrig miner persistence spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0e2dd048c0bd77d954c55f5986c8d971e99f1aa00900145fdf6f2bd43be7dff5.exe

Resource

win7-20220812-en

neshta xmrig miner persistence spyware stealer upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

0e2dd048c0bd77d954c55f5986c8d971e99f1aa00900145fdf6f2bd43be7dff5.exe

Resource

win10v2004-20220812-en

neshta xmrig miner persistence spyware stealer upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  0e2dd048c0bd77d954c55f5986c8d971e99f1aa00900145fdf6f2bd43be7dff5
- Size
  
  1.1MB
- MD5
  
  6fcfd905ca541be7bef5211e51f33783
- SHA1
  
  6b92499c0bc80a5207b4c2807803da7b8cfd8eaf
- SHA256
  
  0e2dd048c0bd77d954c55f5986c8d971e99f1aa00900145fdf6f2bd43be7dff5
- SHA512
  
  586e4231877e7ed9e818621dc7822d47cdff2502139fc4f46837d490c6f134aee54c616505a60928d421fcdf2e3b875afb3309c4f8f022ee46e673a924180dab
- SSDEEP
  
  24576:DRBrzwX0YmJI8DRnCD4jtnT8Q1r0ly78ipwR7H:FJzdnm4lT8Q1r0pieR7H
Score

10^/10

neshta xmrig miner persistence spyware stealer upx
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtaxmrigminerpersistencespywarestealerupx

behavioral2

neshtaxmrigminerpersistencespywarestealerupx

© 2018-2024

Terms | Privacy