neshta | 422b0750fbebbb9d9737d883ea20ad1e3e32939bbdff248fbd293952a21fe7e5[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

422b0750fbebbb9d9737d883ea20ad1e3e32939bbdff248fbd293952a21fe7e5.exe
Size

2.5MB
MD5

01db2231b326001883ebfb3d3d5780d0
SHA1

d3742f865c892410d8e9e4b81f1adddb628e32c3
SHA256

422b0750fbebbb9d9737d883ea20ad1e3e32939bbdff248fbd293952a21fe7e5
SHA512

234c47ea99c367caa3655107b1e19b2a0910359cc06818efdca1c10a0849794672899fb60e8525db27c961c2b97e5ca225ceb8adf49ff34985c5141f275af800
SSDEEP

24576:uKMAxfbaHdzRugUhPaHVK6tFeo11ZOjHu5XqYqpq4pMTXbPSEXIzcYHom5ryi9hR:I5zHVK6lgWiYod9yS

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
422b0750fbebbb9d9737d883ea20ad1e3e32939bbdff248fbd293952a21fe7e5.exe

Files

422b0750fbebbb9d9737d883ea20ad1e3e32939bbdff248fbd293952a21fe7e5.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ