General

  • Target

    b5c217dec6b5572652a097fdaa836700_exe32.exe

  • Size

    127KB

  • Sample

    231015-yfjmxafh64

  • MD5

    b5c217dec6b5572652a097fdaa836700

  • SHA1

    ac1aed1e8ce10b5cc407f213b612b3a575a48c5c

  • SHA256

    a9f25d8e086b0a83ac4be5c2a404cff535e2ed8b723c9005b64b8f768941ccd6

  • SHA512

    133d2e34b05051dd837f0bc4aae41604c2c6f0c6944c912e6533e9a4dea490716965ff24a3c9db2f830316634217e277ed8087c87168d583e212358babbb0953

  • SSDEEP

    1536:JxqjQ+P04wsmJCEWN/do8pbaW2OWb2GqtE4OxqjQ+P04wsmJC:sr85CRN/do8pbld+ar85C

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is a file infector: it injects its own code into other executable files to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15

Tasks