neshta | e593236ed9903c8ba7fbbc9fed15bfd60a7e591cd27f0ba815a1fd1a9aab74bc | Triage

Sharing

General

Target

e593236ed9903c8ba7fbbc9fed15bfd60a7e591cd27f0ba815a1fd1a9aab74bc
Size

1.9MB
MD5

53f14218153b3ccb3e55fb6220cfc2ef
SHA1

44c836fa1837f4ee85b076d99050c137501cf345
SHA256

e593236ed9903c8ba7fbbc9fed15bfd60a7e591cd27f0ba815a1fd1a9aab74bc
SHA512

2e3d91b1f4e89df9ebadd2e18fd0a90b6f95bcdfe21e120ad0d4ad0d75a9fef8facfc3a7414fbc8a647d4594ce581e0932a84b93984a8e3c9204dd54729f507d
SSDEEP

49152:Rw2PjCSK6Q70zKaOF0RBl0Id/oz5nxTeYuc9t2:aoBWIA5nxjF9t2

Score

10^/10

neshta predatorstealer

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta
Predatorstealer family
predatorstealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e593236ed9903c8ba7fbbc9fed15bfd60a7e591cd27f0ba815a1fd1a9aab74bc

Files

e593236ed9903c8ba7fbbc9fed15bfd60a7e591cd27f0ba815a1fd1a9aab74bc
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\brono\Desktop\BitJoiner\payload\obj\Debug\payload.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ