General

  • Target

    c32863a5e41477a4e458c1aeadc736d0_NEIKI

  • Size

    95KB

  • Sample

    240508-ee2bsabh24

  • MD5

    c32863a5e41477a4e458c1aeadc736d0

  • SHA1

    6a7f789662cc3858bfab73120be616d457d49ea0

  • SHA256

    955630eea0fe606d23a739c0c6aae0a194214c22a390e452e5cc18f55cec5ba2

  • SHA512

    32af24cc90c2c1fe9c636d88bd7022faeccbe184411b66ea1943f013e14f38d4b7430e9b37af252c2246a18bc9333f79a472bffffd76879e4fbfb8cbaf1c6633

  • SSDEEP

    1536:JxqjQ+P04wsmJCllUX+PMhQnpazi6dwsqOsKgKSk9nH9lEm8/tV0EUvM:sr85CVPrwi6ZsxKSklHEbtVhUvM

Targets

    • Target

      c32863a5e41477a4e458c1aeadc736d0_NEIKI

    • Size

      95KB

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.
