General

  • Target

    e96bcd09d3fb95ac6ea1b424d9de67c0N.exe

  • Size

    4.5MB

  • Sample

    240822-z52qfs1ckj

  • MD5

    e96bcd09d3fb95ac6ea1b424d9de67c0

  • SHA1

    c194cb94d671e9f8525ceac4410041b72d8d0a1b

  • SHA256

    442b974c70dc26266a36ceeea0dc061d186472c9ace8d097c6985e18e5ad7523

  • SHA512

    17b0d4c76566a69b248cb18ce5d8b3d240ffc2dab110c2a6dfd711f8bb82f1a787b59cdb76f7e3534947a3e04eb9291b71fff27afcf620fb8114502ebb4960a6

  • SSDEEP

    98304:bV87NtXHOnCaTl1cEhZEqlTdZqkXrf+T4Zaskp0vo2+btmX:bV87NteC2l2eZhVq6mSNkNxmX

Malware Config

Targets

    • Target

      e96bcd09d3fb95ac6ea1b424d9de67c0N.exe

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

MITRE ATT&CK Enterprise v15

Tasks