neshta | 06361aaa349839a3ba17de32f86e1219ef89815bfce5c45c005bc32657dd8d0b | Triage

Submit
Reports

Overview

overview

Static

static

UltimatePS...on.exe

windows10-2004-x64

7

UltimatePS....2.exe

windows10-2004-x64

Sharing

General

Target

UltimatePSN_Checker_v1.2_Updated.rar
Size

12.9MB
Sample

230423-nqzf1adb23
MD5

87d533c1c66e361d5ffbc6f0b32d60e3
SHA1

078d069e8a19c88a9b8dc3bd1219943b74ee0693
SHA256

06361aaa349839a3ba17de32f86e1219ef89815bfce5c45c005bc32657dd8d0b
SHA512

cc5f00f7bab4b2c1b9ad74acbeaf9026f82118a6f444f2f821dc8f3758bc02fb5021c61605bdb6e16a0aaaa0b4696ce4ef43f5b98621ac328e31a690ecf5ed1c
SSDEEP

196608:fxDo/qH7haODj3z4yAG1FNkpXTI9fPUr0E3jtxMoYaOPg7j9Rs5zTf3GkBxJB:JDo/88ssjIJUh3jRYawW9IzTfHJB

Score

10^/10

neshta agilenet persistence spyware

Static task

static1

agilenet neshta

3 signatures

Behavioral task

behavioral1

Sample

UltimatePSN Checker v1.2 Updated/Data/resource/playstation.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

2 signatures

30 seconds

Behavioral task

behavioral2

Sample

UltimatePSN Checker v1.2 Updated/UltimatePSN Checker v1.2.exe

Resource

win10v2004-20230221-en

neshta agilenet persistence spyware

windows10-2004-x64

19 signatures

30 seconds

Malware Config

Targets

- Target
  
  UltimatePSN Checker v1.2 Updated/Data/resource/playstation.cer
- Size
  
  12.9MB
- MD5
  
  199291e246aacb45dbad7bfe296066fa
- SHA1
  
  1b8727331c02190d860e26f4a74156e5d1196012
- SHA256
  
  b78cfa136bc15eb5cd403a4751202b56035d360438481147d87df90f7e33f65c
- SHA512
  
  75f37558ae706e07b73b1e4c9af73068697141107a6adcd84c55500c20cce3fb6ca2be74ce58c5ce4886c58fd9d79b8fab7a18756ee7bdece250a43dfc42939f
- SSDEEP
  
  196608:2uOuB3+/GmduFeQUKuQYIWitAlAm04lAg7RKKcaXePZxyvQfE60iKI8xOUfX:2aB3+/cTNuQYIWfRFKz4uwxxn
Score

7^/10

agilenet
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral1
- Target
  
  UltimatePSN Checker v1.2 Updated/UltimatePSN Checker v1.2.exe
- Size
  
  1.7MB
- MD5
  
  2311324a67e80be453e3e37c65548848
- SHA1
  
  9291ca23bb88a9cb912dba77c7b9ac2ec8d77008
- SHA256
  
  8fab15bad9b03141589b331b6c5e142450d73fff9025987038108103c020d5d3
- SHA512
  
  fdabf0ab09ba736dd87cf4c41ec18090cfab380acbce734c6b54b00249177136bad0697bf7065b31b1a68c2b519bbd9e0f6b91bf99cd39fac4c87dd2bc3b2041
- SSDEEP
  
  24576:znsJ39LyjbJkQFMhmC+6GD9dnBEsRybcR4I4x2eM:znsHyjtk2MYC5GDTBEsRycz
Score

10^/10

neshta agilenet persistence spyware
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Modifies system executable filetype association
  persistence
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Adds Run key to start application
  persistence
behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Scheduled Task

Hidden Files and Directories

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

neshtaagilenetpersistencespyware

© 2018-2024

Terms | Privacy