neshta | e8d9e77c555569d9d719fe5ff5c4c4f1047e157f5cbb00e7c43033bc8aefa384 | Triage

Resubmissions

03/05/2024, 13:21

240503-ql2fxabc96 10

03/05/2024, 04:47

240503-ferysafd9z 10

Sharing

Copy URL Twitter E-mail

General

Target

e8d9e77c555569d9d719fe5ff5c4c4f1047e157f5cbb00e7c43033bc8aefa384
Size

7.1MB
MD5

3cd40daca13b1c1927529138941a9b54
SHA1

b4e31f4da5c905a48918f7a1c7229aec2c32198c
SHA256

e8d9e77c555569d9d719fe5ff5c4c4f1047e157f5cbb00e7c43033bc8aefa384
SHA512

bcd7117e5c530fb675c376b73628c5fce38cc76911367de98bf29faaa475b203eb4fb3af696a866a77c5bab56b14adc7b4d7e2b5269dd7370de935e6d9f70a12
SSDEEP

49152:d4CGdrJhToeKqIHjS2JJdmittRzdUUNwoI0OxMTQXsUrmBhdWRbV70kLEIC:dVGlCjS2JJdR9d/PI0OxMTQXsUrNb

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8d9e77c555569d9d719fe5ff5c4c4f1047e157f5cbb00e7c43033bc8aefa384

Files

e8d9e77c555569d9d719fe5ff5c4c4f1047e157f5cbb00e7c43033bc8aefa384
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ