Overview

overview

10

Static

static

5

c767020810...3a.exe

windows7-x64

10

c767020810...3a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c767020810b099c4ebb24220ab9a317b658a2f2a26be762d02a95a2efb7fc63a

  • Size

    1.6MB

  • Sample

    221128-lmhmzadc62

  • MD5

    30cd1f10f393ce0355ab0272e6fe40c0

  • SHA1

    ff02be22b87d48e1a9b5b3544fd249937c09665f

  • SHA256

    c767020810b099c4ebb24220ab9a317b658a2f2a26be762d02a95a2efb7fc63a

  • SHA512

    f43c54ee53310378d50e03b2a150ff3d06fabc8bd1993c63492f96026dfde6ed18b03c2f771b63dd57f9384d04fd72594fd0276c812b2e989d6f7a0f2525e457

  • SSDEEP

    24576:Ftb20pkaCqT5TBWgNQ7aW5MB6dDVPHbZdR17P3e8W0A6A:2Vg5tQ7aW5RdVdpPu845

Score
10/10
neshtapersistencespyware

Malware Config

Targets

    • Target

      c767020810b099c4ebb24220ab9a317b658a2f2a26be762d02a95a2efb7fc63a

    • Size

      1.6MB

    • MD5

      30cd1f10f393ce0355ab0272e6fe40c0

    • SHA1

      ff02be22b87d48e1a9b5b3544fd249937c09665f

    • SHA256

      c767020810b099c4ebb24220ab9a317b658a2f2a26be762d02a95a2efb7fc63a

    • SHA512

      f43c54ee53310378d50e03b2a150ff3d06fabc8bd1993c63492f96026dfde6ed18b03c2f771b63dd57f9384d04fd72594fd0276c812b2e989d6f7a0f2525e457

    • SSDEEP

      24576:Ftb20pkaCqT5TBWgNQ7aW5MB6dDVPHbZdR17P3e8W0A6A:2Vg5tQ7aW5RdVdpPu845

    Score
    10/10
    neshtapersistencespyware

    • Detect Neshta payload

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks