neshta | dbfe97ff3dfd3889ca63c32b43dd67911e8706fe98f2c35f6cd342a70b24a0b2 | Triage

Submit
Reports

Overview

overview

Static

static

dbfe97ff3d...b2.exe

windows7-x64

dbfe97ff3d...b2.exe

windows10-2004-x64

Sharing

General

Target

dbfe97ff3dfd3889ca63c32b43dd67911e8706fe98f2c35f6cd342a70b24a0b2
Size

916KB
Sample

221129-jyaemaah65
MD5

0e6eccc2cb4555748e5b1dec1ea8e0b0
SHA1

3eba614e98ff631ecb30bcc1cc3cfe4824747dff
SHA256

dbfe97ff3dfd3889ca63c32b43dd67911e8706fe98f2c35f6cd342a70b24a0b2
SHA512

75926bd3d19ef06f38581ad03a95eb99dfed1b0505484680abc633e36200e02bc8fb72bbe1caf4241446edd398650f0ad3a3ecc12b78e2758c29adc843703452
SSDEEP

12288:aW6VgX0SyGUsp8Qd/zDdz+A+hi6+pE30vwmC46oSVISpn7awwgoSPpi6:a/lGl6Qp3R+hos4w74YGwJpi6

Score

10^/10

neshta evasion persistence spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

dbfe97ff3dfd3889ca63c32b43dd67911e8706fe98f2c35f6cd342a70b24a0b2.exe

Resource

win7-20220812-en

neshta evasion persistence spyware stealer upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

dbfe97ff3dfd3889ca63c32b43dd67911e8706fe98f2c35f6cd342a70b24a0b2.exe

Resource

win10v2004-20220812-en

neshta evasion persistence spyware stealer upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  dbfe97ff3dfd3889ca63c32b43dd67911e8706fe98f2c35f6cd342a70b24a0b2
- Size
  
  916KB
- MD5
  
  0e6eccc2cb4555748e5b1dec1ea8e0b0
- SHA1
  
  3eba614e98ff631ecb30bcc1cc3cfe4824747dff
- SHA256
  
  dbfe97ff3dfd3889ca63c32b43dd67911e8706fe98f2c35f6cd342a70b24a0b2
- SHA512
  
  75926bd3d19ef06f38581ad03a95eb99dfed1b0505484680abc633e36200e02bc8fb72bbe1caf4241446edd398650f0ad3a3ecc12b78e2758c29adc843703452
- SSDEEP
  
  12288:aW6VgX0SyGUsp8Qd/zDdz+A+hi6+pE30vwmC46oSVISpn7awwgoSPpi6:a/lGl6Qp3R+hos4w74YGwJpi6
Score

10^/10

neshta evasion persistence spyware stealer upx
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtaevasionpersistencespywarestealerupx

behavioral2

neshtaevasionpersistencespywarestealerupx

© 2018-2024

Terms | Privacy