General

  • Target

    b6418f4c83b3b0ce1dcb00ecaed310cc372f17eef5b7f305d202a43e3030ce8e

  • Size

    2.3MB

  • Sample

    221203-pkckqadd7v

  • MD5

    fd0a2ec7c0c3663a48114d43df2f80f8

  • SHA1

    435d67cf6084745af5518598cdbcdfdd66abcae0

  • SHA256

    b6418f4c83b3b0ce1dcb00ecaed310cc372f17eef5b7f305d202a43e3030ce8e

  • SHA512

    859b4222d03b120aef32c039ee61c184cb31be4803e07752359168aea8029d93eae169a3e837678f27bc80ec7e22c8e63bbecdc55267e35b5c347c099ad699b3

  • SSDEEP

    49152:+e9NJ1A1XbiXM0jx0ML4WFHtnP1NLwQMUFACgm/4fErS:trAhgbxTHH9dNLZ9Azm/wn

Targets

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.
