neshta | f3a184f74b8326b79d5f99aa2a412b18fa50f89b55017f852b4e74713342eae2 | Triage

Submit
Reports

Overview

overview

Static

static

SWIFT REF.exe

windows7-x64

SWIFT REF.exe

windows10-2004-x64

Sharing

General

Target

SWIFT REF.exe
Size

1.1MB
Sample

221201-wjrftadf72
MD5

cb9bc8e2f918725b9d28925aa42cba1e
SHA1

fedbd5f39e13a4dffe8b4d1e36d3c50bdf9f433b
SHA256

f3a184f74b8326b79d5f99aa2a412b18fa50f89b55017f852b4e74713342eae2
SHA512

8dea90cc898a04cb50b0760281e160838e35fc9ca22734ea66f0b2308bdecea6891eb278b47c6bbf3a35f0896ae86dfcb6467a3247f48afe3d9fb828275479bd
SSDEEP

24576:REAojIr4A11gcBQqcsrF6NCg0fJACQU4I6bB589j:KAoMr4A115S5u6NT0fJAC14I6bQ

Score

10^/10

neshta persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

SWIFT REF.exe

Resource

win7-20220901-en

neshta persistence spyware

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

SWIFT REF.exe

Resource

win10v2004-20220901-en

neshta persistence spyware

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  SWIFT REF.exe
- Size
  
  1.1MB
- MD5
  
  cb9bc8e2f918725b9d28925aa42cba1e
- SHA1
  
  fedbd5f39e13a4dffe8b4d1e36d3c50bdf9f433b
- SHA256
  
  f3a184f74b8326b79d5f99aa2a412b18fa50f89b55017f852b4e74713342eae2
- SHA512
  
  8dea90cc898a04cb50b0760281e160838e35fc9ca22734ea66f0b2308bdecea6891eb278b47c6bbf3a35f0896ae86dfcb6467a3247f48afe3d9fb828275479bd
- SSDEEP
  
  24576:REAojIr4A11gcBQqcsrF6NCg0fJACQU4I6bB589j:KAoMr4A115S5u6NT0fJAC14I6bQ
Score

10^/10

neshta persistence spyware
- Detect Neshta payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Change Default File Association

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespyware

behavioral2

neshtapersistencespyware

© 2018-2024

Terms | Privacy