General

  • Target

    3bbd7558ef9a38d661bf6b0a1e4ed9c8.bin

  • Size

    905KB

  • Sample

    240824-bldmhsxfrb

  • MD5

    d2ae4daaac96a0621d200cbae4718af2

  • SHA1

    8c91fb214fc864cab7d161b18886b9e3306f01f7

  • SHA256

    69d0bb53f8041a56ae8d6d717c987a5d16a9ac05f25df2e22425e7c1f810d204

  • SHA512

    cc1df96788d9e01d559e4a0997f9238033e223ac09b2f63405ee8e20564e1c857edb3da7f49198423348d814c83e742bd5dcc75f8026a52d86135ab56811836b

  • SSDEEP

    24576:j4t7yqvrqp0yYxl5YMT9qdlDrv+6/LXqmQlt3/0l:jyRvrqpDITY29aDrv+KL65t8l

Malware Config

Targets

    • Target

      0fdf27fdf2f7a40095f872f5608d6fb6559d015d1b79f34aabfeb14191d403c9.exe

    • Size

      1.3MB

    • MD5

      3bbd7558ef9a38d661bf6b0a1e4ed9c8

    • SHA1

      37ffde30ff3683dfc12ede54b819a52e8d0adc38

    • SHA256

      0fdf27fdf2f7a40095f872f5608d6fb6559d015d1b79f34aabfeb14191d403c9

    • SHA512

      04cf415eb340987def9d140c3f766920b899165a52da3d2f1172511e5b9b7447dd08a859f2d3df31f8e017a3556483ac8515f9426578c45740779dd6d00ffcac

    • SSDEEP

      24576:LqDEvCTbMWu7rQYlBQcBiT6rprG8ahu7qQRy5GCd27u3v60Pwwf:LTvC/MTQYxsWR7ahuC51cJgw

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks