neshta | fbae158ac6dd24def292daa93ee48cc31b500a71fe10c19ddfe9b4c4c030c6f8 | Triage

Sharing

General

Target

fbae158ac6dd24def292daa93ee48cc31b500a71fe10c19ddfe9b4c4c030c6f8
Size

699KB
MD5

bb504aa1e8a618ae1100250b990a0bfe
SHA1

446a7dd6c070cd836f44ea64885e2092aa51e19c
SHA256

fbae158ac6dd24def292daa93ee48cc31b500a71fe10c19ddfe9b4c4c030c6f8
SHA512

ebd509cae43cb74e11ecbc6a37f2425107b3b2145085eb0ff3941ce91c0ad7a4a3771d4863a2ecdcda77c3d6c9087ba271a7edb548e4efb16b47554de9115508
SSDEEP

12288:TmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZKD/XdyF0/9HMeF:TBIGkbxqEcjsWiDxguehC2S7pj

Score

10^/10

neshta darkcomet

Malware Config

Signatures

Darkcomet family
darkcomet
Detect Neshta payload 1 IoCs

Processes:

resource yara_rule

sample family_neshta
Neshta family
neshta

Files

fbae158ac6dd24def292daa93ee48cc31b500a71fe10c19ddfe9b4c4c030c6f8
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ