General

  • Target

    74c59b721d2017fd324bd58009c1bb77a3c7903560b96f840eae19d5e3adae3a

  • Size

    260KB

  • Sample

    221129-jynx1sah85

  • MD5

    954cae5b27a05f763dc875c36b27c8f2

  • SHA1

    b1a31cd6e0a1ccef28808a0a395f24e8495be36e

  • SHA256

    74c59b721d2017fd324bd58009c1bb77a3c7903560b96f840eae19d5e3adae3a

  • SHA512

    d66502d85bdc76c3db7724cb35a50422df01380d451d88b22e07c08f6c1bc9f31fee8b9295f545a512fb22459775d67d5819671ad8d5ebb1e169292ad349a378

  • SSDEEP

    6144:k9c+shqiQ6s1xZKp4pPazhH3XBTqIFs87h:sCqfNzZO4pyz7TqOh

Targets

    • Target

      74c59b721d2017fd324bd58009c1bb77a3c7903560b96f840eae19d5e3adae3a

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other things.
