General

  • Target

    213d42a491a4f1717a3e2c41a9f115d0_NeikiAnalytics.exe

  • Size

    826KB

  • Sample

    240522-ghc5gaea91

  • MD5

    213d42a491a4f1717a3e2c41a9f115d0

  • SHA1

    b77866c0567234e9058c4cb7183fe6dc30c8f914

  • SHA256

    40c6a313785e33be10896ddcbd2c4fae4430e6a06cc2b9a093b4e3df046f2ae2

  • SHA512

    31d6b0c637fb015d75c3a42a6ae4516885ef5e2defe89fff5bddf9146f9e03aa1396374ab6abbad6f36d2052a4f7366ecbb7dafb4d01d9387f159607807f56b4

  • SSDEEP

    12288:2swzui/UB7v14t677Vut+XG1ykwM+hGxttC7OG:2Pzui8Bx4tSVuUXG4fM+hGhYO

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.
