General

  • Target

    BANK FUNDED SLIP COPY.rar

  • Size

    651KB

  • Sample

    230614-larp4sfd42

  • MD5

    042938fb3342cf83d4336ed534f5aa92

  • SHA1

    38a465a7ff3eb4651f534e42bab25634666ef0ae

  • SHA256

    d02f17228f28187d3a63ea2f68df1641e0136f5225fa49211a8ff8a5340a4744

  • SHA512

    b90df2704d6c27578892886e3d77d149b8a3c090957f0ae64519133b68645279974f8486ddb9313460b168958f9d19632653196c63ac5bbafed339fd50bea6d8

  • SSDEEP

    12288:t6REIGWDcLSikLt0FFFG70eeJ0AiLIPD9E9WBfMtwNvJK+s7lt+SzWYYG:7I4u/LuFkAjJ0pyzfMtwZ1SzfT

Malware Config

Targets

    • Target

      BANK FUNDED SLIP COPY.exe

    • Size

      852KB

    • MD5

      625b0222413f234ef2dc85f735c74782

    • SHA1

      8503534bb692b7f03beac0da33e7bbd7599aa1e6

    • SHA256

      393d94791809b4059141bd1d6de789b431a71eb544bc7f7b0d7a1700c042ece5

    • SHA512

      4a90e1b77491a53f035f9820fa069e9c96107ad5dc40e30eafb8e6817f6dd3282ac874c7ceca5ca9f35be4f6ca31b98c4c72e7a2508d091382d9ccec0cee1817

    • SSDEEP

      12288:ZlKnuvEXqXdVjmZdDcghPsNF1bFu4yjyLrb/npXZdFpQF7T+:+24qXdVKdDlhP2lfvDnNQ/+

    • Detect Neshta payload

    • Neshta

Neshta is a file-infecting virus: it injects its own code into other executable files so that running any infected program spreads it further and damages the host's software.

    • Checks computer location settings

Reads the country code configured in the registry, most likely to geofence execution (refuse to run, or behave differently, in certain locales).

    • Modifies system executable filetype association

      Changes the shell command Windows runs when an .exe is opened, so the malware is executed before (or instead of) the program the user launched; this is both a persistence mechanism and a way to intercept every program start.

    • Reads user/profile data of web browsers

Infostealers commonly harvest stored browser profile data, which can include saved credentials, cookies and session tokens.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is a common building block of process hollowing and other code-injection techniques, where the entry point of a suspended thread is redirected into attacker-controlled code.
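A practitioner reading this report wants two things: to check whether a file on hand is one of the two samples above, and to check whether a host's .exe association has been tampered with, which is the behaviour the "Modifies system executable filetype association" signature describes. The script below is an added example, not part of the sandbox report or of any tool it references. It transcribes the report's MD5/SHA1/SHA256 values as IOCs, hashes arbitrary bytes, and parses a Windows `.reg` export (constructed inline for illustration) to compare the default value of `exefile\shell\open\command` against the stock `"%1" %*`. The path `C:\Windows\hypothetical.com` in the hijacked sample is an invented placeholder for whatever a real infection writes there; it is not taken from the report.

```python
import hashlib
import re

# IOCs transcribed from the report above (MD5 / SHA1 / SHA256 of each target).
IOCS = {
    "BANK FUNDED SLIP COPY.rar": {
        "md5": "042938fb3342cf83d4336ed534f5aa92",
        "sha1": "38a465a7ff3eb4651f534e42bab25634666ef0ae",
        "sha256": "d02f17228f28187d3a63ea2f68df1641e0136f5225fa49211a8ff8a5340a4744",
    },
    "BANK FUNDED SLIP COPY.exe": {
        "md5": "625b0222413f234ef2dc85f735c74782",
        "sha1": "8503534bb692b7f03beac0da33e7bbd7599aa1e6",
        "sha256": "393d94791809b4059141bd1d6de789b431a71eb544bc7f7b0d7a1700c042ece5",
    },
}

# Stock value of the exefile open command on Windows: run the file with its arguments.
EXPECTED_EXEFILE_COMMAND = '"%1" %*'
# HKCR is a merged view; HKLM\SOFTWARE\Classes is where the machine-wide value really lives.
EXEFILE_KEYS = (
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command",
)


def hash_bytes(data: bytes) -> dict:
    """Compute the three digests the IOC table carries, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def match_iocs(hashes: dict) -> list:
    """Return report targets whose hashes agree with `hashes` on every algorithm both sides have.

    Requiring agreement on all shared algorithms means a single matching MD5 with a
    mismatching SHA256 is treated as a non-match rather than a hit.
    """
    hits = []
    for name, ioc in IOCS.items():
        shared = set(ioc) & set(hashes)
        if shared and all(ioc[alg].lower() == hashes[alg].lower() for alg in shared):
            hits.append(name)
    return hits


def _unescape(s: str) -> str:
    # .reg string syntax escapes backslashes and double quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str) -> dict:
    """Parse a regedit .reg export into {key_path: {value_name: value}}; '' is the default value.

    Only string (REG_SZ) values are unescaped; dword:/hex: values are kept as raw text.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        if line.startswith("@="):
            name, value = "", line[2:]
        elif line.startswith('"'):
            end = line.find('"=', 1)
            if end < 0:
                continue
            name, value = _unescape(line[1:end]), line[end + 2:]
        else:
            continue
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = _unescape(value[1:-1])
        keys[current][name] = value
    return keys


def check_exefile_association(reg: dict) -> dict:
    """For each exefile command key present, report its default value and whether it deviates."""
    findings = {}
    for key in EXEFILE_KEYS:
        values = reg.get(key)
        if values is None:
            continue
        cmd = values.get("")  # a missing default is also anomalous, so it counts as hijacked
        findings[key] = {"command": cmd, "hijacked": cmd != EXPECTED_EXEFILE_COMMAND}
    return findings


# Constructed .reg exports for illustration; the hijacked command path is a placeholder.
CLEAN_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
'''

HIJACKED_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\Windows\\hypothetical.com \"%1\" %*"
'''


if __name__ == "__main__":
    for label, text in (("clean", CLEAN_REG), ("hijacked", HIJACKED_REG)):
        for key, f in check_exefile_association(parse_reg_export(text)).items():
            print(f"{label}: {key} -> {f['command']!r} hijacked={f['hijacked']}")
    print("IOC hits for report MD5:", match_iocs({"md5": "042938fb3342cf83d4336ed534f5aa92"}))
```

On a live host, export the key with `reg export HKCR\exefile\shell\open\command out.reg` and feed the file to `parse_reg_export`; hash a suspect file with `hash_bytes(open(path, "rb").read())`. SHA512 and SSDEEP are omitted from the IOC table only to keep the example short; a practitioner would add the SHA512 values from the report the same way.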

MITRE ATT&CK Enterprise v6

Tasks