neshta | 5610f0abad76aef7e278e763969a9c00N[.]exe | Triage

Sharing

General

Target

5610f0abad76aef7e278e763969a9c00N.exe
Size

1.3MB
MD5

5610f0abad76aef7e278e763969a9c00
SHA1

52a39b7d6e7cc0bbc2e52feca616a6926fc3a713
SHA256

a0edaeccb452a3b813f3daf6b83e0c935c7f2397cf309520162ef540d68733df
SHA512

aeaeffb99884d6c3fdd47e80c54aae883d69bd5c6558c3716a7befe987f277cb6f040da9336f5a7e43cb5abf853bb851ac00bd838a0de7f81941b002efbe0362
SSDEEP

12288:/YWKjU3EgsT+nqUvWoQjlobYa2r7Gf7f6yCqpHsn00csNd5y8Gat060xoRi/yZOd:gWKA3/sT+qU/bYa2ODfG4HkJyhG05/H

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5610f0abad76aef7e278e763969a9c00N.exe

Files

5610f0abad76aef7e278e763969a9c00N.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ