General

  • Target

    b96dc02aa6291e7dc71cbc9fe2cf56fe4ff202bf980b2f397054ad46a45660d0

  • Size

    83KB

  • Sample

    240625-b49gxaxckm

  • MD5

    474cd1e282730cdab62f0f8b3b313d6c

  • SHA1

    12960def21e634291c251e9b4dcd9e4c1c32e460

  • SHA256

    b96dc02aa6291e7dc71cbc9fe2cf56fe4ff202bf980b2f397054ad46a45660d0

  • SHA512

    400ed8798f9f6efc319b8eeba007e8686987408930a7f56e20be5430100a6f341d67545f9bc99bba9b498967db797bd47c630aeea0f8aa7ecd9f562830a53a74

  • SSDEEP

    1536:JxqjQ+P04wsmJCAL/0f1gQwVqu9+HPJOoyhd:sr85C86Tgqu9mOoyhd

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.
