Overview

overview

10

Static

static

3

f0598e2675...cs.exe

windows7-x64

10

f0598e2675...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f0598e26752ac708ab35006b2e897dd0_NeikiAnalytics.exe

  • Size

    162KB

  • Sample

    240517-veyhwshd55

  • MD5

    f0598e26752ac708ab35006b2e897dd0

  • SHA1

    0577d4742281376ea85178775a32f57ba5a71aca

  • SHA256

    6b8dd217d3f1d1e3648e57841d78ce1e25484eb7ef7fb00e9f1c82bc94cfe501

  • SHA512

    94eb5f402473a1fc593fb2197bdac60bc239b1dea8a39daf7b7aa85abd63ddb8e4aede4ddc4e241cc80ab33d40c43c390602bb8877fb546007ad31d742bd8712

  • SSDEEP

    3072:Jr85CbgRsOJGWdBuqC+F+HacWal6wRURYoPAPS52jNM/ZAyq:l9yssDdRC+Fsac30wRURp4S52j+6

Score
10/10
neshtapersistencespywarestealer

Malware Config

Targets

    • Target

      f0598e26752ac708ab35006b2e897dd0_NeikiAnalytics.exe

    • Size

      162KB

    • MD5

      f0598e26752ac708ab35006b2e897dd0

    • SHA1

      0577d4742281376ea85178775a32f57ba5a71aca

    • SHA256

      6b8dd217d3f1d1e3648e57841d78ce1e25484eb7ef7fb00e9f1c82bc94cfe501

    • SHA512

      94eb5f402473a1fc593fb2197bdac60bc239b1dea8a39daf7b7aa85abd63ddb8e4aede4ddc4e241cc80ab33d40c43c390602bb8877fb546007ad31d742bd8712

    • SSDEEP

      3072:Jr85CbgRsOJGWdBuqC+F+HacWal6wRURYoPAPS52jNM/ZAyq:l9yssDdRC+Fsac30wRURp4S52j+6

    Score
    10/10
    neshtapersistencespywarestealer

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks