General

  • Target

    320875988ca4badb56a9522936ac4260a3532ebd73b97b048726b15bbe0409e5

  • Size

    698KB

  • Sample

    240522-cjn6xagh62

  • MD5

    08ca3eb4ad279f20ad7bf302b99f8120

  • SHA1

    8c8873a96f1ac56e6b832761a057dcf5b2b4eda1

  • SHA256

    320875988ca4badb56a9522936ac4260a3532ebd73b97b048726b15bbe0409e5

  • SHA512

    9667d4e0cd9bd5d55f49a9657ed9530a09c12f82e5fd45cece9097734493a3583591c00a1ee92f1f4ec6e580638166e21acbfcf5832040def754470de05b7c75

  • SSDEEP

    12288:6lYifTdTeVso+OX4mAdhrDu7NQ6xM9z6J95q1nKn2GJpKwp/U8WRu9jpX8R0J14+:diuso+bmaVKlxM9mJR2EVU8guvN14Nk

Targets

    • Target

      320875988ca4badb56a9522936ac4260a3532ebd73b97b048726b15bbe0409e5

    • Size

      698KB

    • MD5

      08ca3eb4ad279f20ad7bf302b99f8120

    • SHA1

      8c8873a96f1ac56e6b832761a057dcf5b2b4eda1

    • SHA256

      320875988ca4badb56a9522936ac4260a3532ebd73b97b048726b15bbe0409e5

    • SHA512

      9667d4e0cd9bd5d55f49a9657ed9530a09c12f82e5fd45cece9097734493a3583591c00a1ee92f1f4ec6e580638166e21acbfcf5832040def754470de05b7c75

    • SSDEEP

      12288:6lYifTdTeVso+OX4mAdhrDu7NQ6xM9z6J95q1nKn2GJpKwp/U8WRu9jpX8R0J14+:diuso+bmaVKlxM9mJR2EVU8guvN14Nk

    • Detect Neshta payload

    • Neshta

      Neshta is a file infector: it copies its own body into other executables so that launching an infected program runs the infector first, which is how it spreads to further files. The changed .exe file association flagged below is the persistence side of the same behaviour.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution (run or abort depending on the victim's locale).

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and session data.

    • Suspicious use of SetThreadContext
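
The "Modifies system executable filetype association" signature (T1546.001) is the one most worth checking by hand on a suspect host. The Windows default for HKEY_CLASSES_ROOT\exefile\shell\open\command is "%1" %*; a file infector that inserts its own program in front of "%1" gets run for every .exe launch. The script below is an added example, not part of the sandbox report and not code from the analysed sample. It parses that value out of a .reg export (the two exports embedded here are constructed, and the hijacked path C:\Windows\example-infector.com is a made-up placeholder) and, on a Windows host, can read the live value through winreg.

```python
"""Check whether the .exe file association has been hijacked (T1546.001).

Added example. Clean Windows value for
HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command is "%1" %*; anything
placed before "%1" runs for every executable launched.
"""
import re
from typing import Optional

KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
CLEAN_DEFAULT = '"%1" %*'

# Constructed .reg exports for illustration (not from the analysed sample).
CLEAN_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

# The inserted path is a made-up placeholder, not a real indicator.
HIJACKED_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\Windows\\example-infector.com \"%1\" %*"
'''


def _unescape(value: str) -> str:
    """Undo .reg REG_SZ escaping: \\\\ -> \\ and \\" -> \"."""
    return re.sub(r'\\(["\\])', r'\1', value)


def default_value_from_reg(text: str, key: str = KEY) -> Optional[str]:
    """Return the unescaped default ('@') value of `key` from a .reg export."""
    in_key = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            in_key = line[1:-1].lower() == key.lower()
            continue
        if in_key and line.startswith('@="') and line.endswith('"'):
            return _unescape(line[3:-1])
    return None


def classify_exe_command(command: Optional[str]) -> dict:
    """Classify the exefile open command.

    status: 'clean'       exactly the Windows default
            'hijacked'    another program precedes "%1" (prefix reported)
            'nonstandard' differs from default but no obvious prefix
            'missing'     value not present
    """
    if command is None:
        return {"status": "missing", "prefix": None}
    normalized = " ".join(command.split())
    if normalized == CLEAN_DEFAULT:
        return {"status": "clean", "prefix": None}
    idx = normalized.find('"%1"')
    if idx > 0:
        return {"status": "hijacked", "prefix": normalized[:idx].strip()}
    return {"status": "nonstandard", "prefix": None}


def live_exe_command() -> Optional[str]:
    """Read the current value on a Windows host; returns None elsewhere."""
    try:
        import winreg
    except ImportError:
        return None
    try:
        with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT,
                            r"exefile\shell\open\command") as k:
            value, _ = winreg.QueryValueEx(k, "")
        return value
    except OSError:
        return None


if __name__ == "__main__":
    for name, text in (("clean export", CLEAN_REG),
                       ("hijacked export", HIJACKED_REG)):
        print(name, classify_exe_command(default_value_from_reg(text)))
    live = live_exe_command()
    if live is not None:
        print("this host", classify_exe_command(live))
```

On a live host, export the key first (reg export HKCR\exefile\shell\open\command exe-assoc.reg) and feed the file to default_value_from_reg so the check can be repeated offline and compared across machines. A 'hijacked' result names the inserted program, which is the file to pull for analysis next.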

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                          ID          Count
Persistence           Event Triggered Execution          T1546       1
                      Change Default File Association    T1546.001   1
Privilege Escalation  Event Triggered Execution          T1546       1
                      Change Default File Association    T1546.001   1
Defense Evasion       Modify Registry                    T1112       1
Credential Access     Unsecured Credentials              T1552       1
                      Credentials In Files               T1552.001   1
Discovery             Query Registry                     T1012       1
                      System Information Discovery       T1082       2
Collection            Data from Local System             T1005       1
