General

  • Target

    bbd11c58a2b7e27353a7363bc1108e6f1f6c3383cacedf332c10fb66bb970ca8

  • Size

    470KB

  • Sample

    221202-hlkjdscf69

  • MD5

    836a04ec9312fd5b4690eaa3ba25a610

  • SHA1

    0f4bd267cff939690ffceac440fb4418e2661201

  • SHA256

    bbd11c58a2b7e27353a7363bc1108e6f1f6c3383cacedf332c10fb66bb970ca8

  • SHA512

    7969c32c7d5d1de9895366dadbcb95fe5fc3da5730ee70c7eb6d95bfa17b81cb62bd34a63b30985b515fe1f5782fe73ae2114031c4b2be66dbc809b0240cfb6b

  • SSDEEP

    6144:PuHeSq9d4RgqM0hK+FOivEYmvL5OtcG3+ttYXhoCJSiaFfmoqh2gbl5+PycUF:EeSF+qMUQQEP5gc9v0o6S5Q55GcF

Malware Config

Targets

    • Target

      bbd11c58a2b7e27353a7363bc1108e6f1f6c3383cacedf332c10fb66bb970ca8

    • Modifies system executable filetype association

    • Neshta

      Neshta is a file infector: it prepends its own code to .exe files it finds, so each infected executable runs the virus before the original program, and it hijacks the system .exe file association (exefile\shell\open\command) so that every executable launched on the host is routed through its dropped copy. Both behaviours spread the infection and corrupt the files it touches.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence that decides whether the sample runs in a given locale.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile data, which can include saved credentials, cookies and session tokens.
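
The "Modifies system executable filetype association" signature above corresponds to a change of the default .exe handler in the registry. The following script is an added example, not part of the sandbox report and not code from the sample: it parses a Windows .reg export (the two inputs are constructed sample text, not an export from the analysed machine) and flags an exefile\shell\open\command value that no longer points at the default '"%1" %*' handler. The hijacked sample value uses C:\Windows\svchost.com, the drop location Neshta is documented to use; any other interposed handler is reported the same way.

```python
"""Flag a hijacked .exe file association from a .reg export.

Added example (not from the report or the sample). Works offline on the
output of `reg export HKLM\SOFTWARE\Classes\exefile exefile.reg`, which is
how an analyst would usually pull this key from a suspect host.
"""
import re

DEFAULT_EXE_COMMAND = '"%1" %*'
EXEFILE_COMMAND_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command"

# Constructed sample exports (not taken from the analysed host).
CLEAN_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
"""

HIJACKED_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="C:\\Windows\\svchost.com \"%1\" %*"
"""

_SECTION_RE = re.compile(r"^\[(.+)\]$")
# Either the default value (@) or a quoted value name, followed by a quoted REG_SZ.
_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=("(?:[^"\\]|\\.)*")$')


def _unescape(quoted: str) -> str:
    """Strip the surrounding quotes of a .reg string and undo its \\ and \" escapes."""
    body = quoted[1:-1]
    return re.sub(r"\\(.)", r"\1", body)


def parse_reg(text: str) -> dict:
    """Parse a .reg export into {key: {value_name: string}}; REG_SZ values only.

    The default value of a key is stored under the empty name "".
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = _SECTION_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else _unescape(m.group(1))
            keys[current][name] = _unescape(m.group(2))
    return keys


def check_exe_association(reg: dict) -> dict:
    """Report whether exefile\\shell\\open\\command still runs the default handler.

    Returns the normalized command and, when something sits in front of "%1",
    that interposed handler (empty on a clean host).
    """
    command = reg.get(EXEFILE_COMMAND_KEY, {}).get("")
    if command is None:
        return {"present": False, "hijacked": False, "handler": None, "command": None}
    normalized = " ".join(command.split())
    hijacked = normalized.lower() != DEFAULT_EXE_COMMAND.lower()
    if '"%1"' in normalized:
        handler = normalized.split('"%1"', 1)[0].strip()
    else:
        # No "%1" at all: the whole value is the attacker's command.
        handler = normalized
    return {"present": True, "hijacked": hijacked, "handler": handler, "command": normalized}


if __name__ == "__main__":
    for label, text in (("clean", CLEAN_REG), ("hijacked", HIJACKED_REG)):
        print(label, check_exe_association(parse_reg(text)))
```

Run against a real export, a non-empty `handler` is the artifact to pivot on: hash it, compare it to the dropped files in the sandbox run, and remember that a missing `exefile` key altogether (the `present: False` case) means the export did not cover the key, not that the host is clean.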

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                        Count  ID
  Persistence        Change Default File Association  1      T1042
  Defense Evasion    Modify Registry                  1      T1112
  Credential Access  Credentials in Files             1      T1081
  Discovery          Query Registry                   1      T1012
  Discovery          System Information Discovery     2      T1082
  Collection         Data from Local System           1      T1005

  The IDs are ATT&CK v6 identifiers: in current ATT&CK versions T1042 is folded into T1546.001 (Event Triggered Execution: Change Default File Association) and T1081 into T1552.001 (Unsecured Credentials: Credentials In Files).

Tasks