Overview

overview

10

Static

static

3

6812964531.exe

windows7-x64

3

6812964531.exe

windows10-1703-x64

7

6812964531.exe

windows10-2004-x64

10

6812964531.exe

windows11-21h2-x64

10

Resubmissions

18-10-2024 17:25

241018-vzl1la1cqq 10

18-10-2024 16:26

241018-txhdyswgqh 10

18-10-2024 16:25

241018-tw78zsydrp 3

18-10-2024 16:22

241018-tvh8gawfqa 3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6812964531.exe

  • Size

    67KB

  • Sample

    241018-vzl1la1cqq

  • MD5

    7de65122a13ab9d81368ee3dff3cc80a

  • SHA1

    ecbb4db641431d4d672e4b88e8d309419fd32f04

  • SHA256

    a73a05a4b6ec6ae1c1ba6d3d12b68cc52b899e2a6dbbaaa1f48f2c260a733123

  • SHA512

    b156d77a665c3256ddfd016e46105b6e87db6a4c1ca77e9bb25b221c368f3cc53dddc7159602cfb926ef0cc9bacac57b6bd41e7e28998883c996727d58d29401

  • SSDEEP

    1536:pr3rob4nqB6veqHnq+Pgm5NN9vbDTc+1vIQ/EXyBej:h7PEg3qcv5PvB/EVj

Score
10/10
neshtabootkitdiscoveryevasionpersistencespywaretrojan

Malware Config

Targets

    • Target

      6812964531.exe

    • Size

      67KB

    • MD5

      7de65122a13ab9d81368ee3dff3cc80a

    • SHA1

      ecbb4db641431d4d672e4b88e8d309419fd32f04

    • SHA256

      a73a05a4b6ec6ae1c1ba6d3d12b68cc52b899e2a6dbbaaa1f48f2c260a733123

    • SHA512

      b156d77a665c3256ddfd016e46105b6e87db6a4c1ca77e9bb25b221c368f3cc53dddc7159602cfb926ef0cc9bacac57b6bd41e7e28998883c996727d58d29401

    • SSDEEP

      1536:pr3rob4nqB6veqHnq+Pgm5NN9vbDTc+1vIQ/EXyBej:h7PEg3qcv5PvB/EVj

    Score
    10/10
    discoverybootkitevasionpersistencetrojanneshtaspyware

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • UAC bypass

      evasiontrojan

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Executes dropped EXE

    • Modifies file permissions

      discovery

    • Modifies system executable filetype association

      persistence

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Image File Execution Options Injection

1
T1546.012

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Image File Execution Options Injection

1
T1546.012

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

File and Directory Permissions Modification

1
T1222

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

4
T1112

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks