General

  • Target

    f616e37cb5958f9275c91fc05cd36025e25c599399003e232b5af5bc2b22c365

  • Size

    429KB

  • Sample

    221130-atpjbafe4z

  • MD5

    38e40426ccc63e3ca333a1ff559054d4

  • SHA1

    485f37356daa6b32c6268104383e517d131a5f27

  • SHA256

    f616e37cb5958f9275c91fc05cd36025e25c599399003e232b5af5bc2b22c365

  • SHA512

    de68e0ce7abbf1ff0cf369f858c62c422fcaf3ffe694922f9d635e727550fad1e1c76986afd3f884e512aeb3074db09e21bce4a8261c69384577132678ff1c08

  • SSDEEP

    3072:zr8WDrCZhLvgiuRMoiFeYOlZvGgiKzZISqQ8pjBFy11Aw6Zyhurk2ilxU:PuPL5uO1FeYOlZvGgiKF1uhuhuIpU

Malware Config

Targets

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family infects other files on the system in order to spread itself and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                          Count  ID
  Persistence         Change Default File Association    1      T1042
  Defense Evasion     Modify Registry                    1      T1112
  Credential Access   Credentials in Files               1      T1081
  Discovery           Query Registry                     1      T1012
  Discovery           System Information Discovery       2      T1082
  Collection          Data from Local System             1      T1005

Tasks