Behavioral task
behavioral1
Sample
7361407d785202e52218e00aff75bb3803fef63949dff9952db001ba6c6efb74.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
7361407d785202e52218e00aff75bb3803fef63949dff9952db001ba6c6efb74.exe
Resource
win10v2004-20240704-en
General
-
Target
7361407d785202e52218e00aff75bb3803fef63949dff9952db001ba6c6efb74
-
Size
96KB
-
MD5
546ba31f3721773f3d94bcfaa08b2979
-
SHA1
aa4a302bb83127aaa08d941312ac6d1ecf8c10cc
-
SHA256
7361407d785202e52218e00aff75bb3803fef63949dff9952db001ba6c6efb74
-
SHA512
b387dac8180ff4e0ccb0d290a91c2b0f77e5923321c147681c543e576d0acfb1ab5e712fb3b64026f4d821d5cd10b83fe60cd162b05081bd1f98aad8085bb38f
-
SSDEEP
1536:JxqjQ+P04wsmJCKLX5m82EZFnjVztJwiLcks84dVADOi/1aHomgrCVLTaJOw/9p:sr85CQ5Plj4xVGoQp
Malware Config
Signatures
-
Detect Neshta payload 1 IoCs
resource yara_rule sample family_neshta -
Neshta family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7361407d785202e52218e00aff75bb3803fef63949dff9952db001ba6c6efb74
Files
-
7361407d785202e52218e00aff75bb3803fef63949dff9952db001ba6c6efb74.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 1024B - Virtual size: 536B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 42KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ