General

  • Target

    99085ecc4293969ce59384c54514088123939265722d9ea74b8fbad44c459345

  • Size

    196KB

  • Sample

    221129-jyhe8sah77

  • MD5

    0cbd5ef39d80a9c48d54edf57f9c02d6

  • SHA1

    2a86fee2964add2534e0bf99e9f28877a9e75954

  • SHA256

    99085ecc4293969ce59384c54514088123939265722d9ea74b8fbad44c459345

  • SHA512

    3713b5166b745df8bf3cba17c19487f0781e5cddad00a1932bac024c4d433344c185dd7c252793d53c0da1c065eb5e494bd22ddfc00bf0e3b300b67c5cb9eb35

  • SSDEEP

    3072:sr85CCrcTiVJrhm+l2DKUpB0O44O83LbvwXIjq:k9HTchL0pKSZ3LbvwV

Targets

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
