Overview

overview

10

Static

static

5

DLL Files ...or.exe

windows7-x64

10

DLL Files ...or.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e1819902b959cd642c8b24b47483f7fd162df3a166ff0897a7443eda729b2201

  • Size

    429KB

  • Sample

    221127-c5gzqadc63

  • MD5

    1e4bdcdfa722266ac07eecbebc7fbec1

  • SHA1

    475973d48045053db78fd72a1491255559f6e810

  • SHA256

    e1819902b959cd642c8b24b47483f7fd162df3a166ff0897a7443eda729b2201

  • SHA512

    0f31e8b6b96dd49b45832cd90fa61a416bc240ba01b32e22dd2536d6d50dccbb1678164b5a3da9c658e031fb09b0601b2508a0e961fcef64fce301da2308399b

  • SSDEEP

    12288:IcLOYLWeCxn5PqVcbHB+TRxTOemZ49ap2hb8rRrSg:IchW75PqezBw7Oemr2B2z

Score
10/10
neshtapersistencespywarestealer

Malware Config

Targets

    • Target

      DLL Files Fixer_ Activator.exe

    • Size

      733KB

    • MD5

      18e67930a20cde9e27ac3169615b8abc

    • SHA1

      8c36f92233be12440c62aa71b47b8f92fe4eec7e

    • SHA256

      383a473a44c5b8009f91f15340634fe3786dd2e57cdd677f45505aa622d03c8f

    • SHA512

      431339f98539e75e97745a1efbdc194156f331821ba62f95961b4ea8b1906f31459b4fe96cdca249115a51a0003bd8d22db51ded29775f4a3894b05f88c1f031

    • SSDEEP

      12288:qhkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aTA25b8jyrSG:qRmJkcoQricOIQxiZY1iaTA2pJB

    Score
    10/10
    neshtapersistencespywarestealer

    • Detect Neshta payload

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks