neshta | Curd[.]exe

General

Target

Curd.exe
Size

7.5MB
MD5

b536faca77dc94cb96eda5d45bdc4afa
SHA1

01e75c013c5b77597d58cf20365812c01ce73eaa
SHA256

b406c1acec618c85ce1990fb931342aff9c5173b862b4a828b61cb89c24aa0c3
SHA512

d70ca52c1b42ebcf2c59c6abe3b49be91c7915751640a31810af6f2990e0e729de51901a89cf9fa69324cf8e02f84c2dcf049213bfa17179e7811b8ffe8dca47
SSDEEP

98304:nteYgI6OshoKyDvuIYc5AhV+gEc4kZvRLoI0EJfNA3z5UTbDv9JTSPhlVtQo1fO:nIYmOshoKMuIkhVastRL5Di3tK/SPJO

Score

10^/10

A stealer written in Python and packaged with Pyinstaller 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/t�2sX��.pyc	blankgrabber

Blankgrabber family
blankgrabber
Detect Neshta payload 1 IoCs

Processes:

resource yara_rule

sample family_neshta
Neshta family
neshta
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

Curd.exe

resource	yara_rule
sample	family_neshta

resource
Curd.exe