Overview

overview

10

Static

static

3

c6b616f1e5...34.exe

windows7-x64

10

c6b616f1e5...34.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c6b616f1e523cf0164abfdf61bed202e1b063ac7114966adb4e3dc6ff31f3234.exe

  • Size

    2.0MB

  • Sample

    241121-a1khya1pgj

  • MD5

    ffaa2795cdbb9b9a2fb8f64ae59ab785

  • SHA1

    5ed394f8cce0ef5a915756e2990c314bb5d9aa84

  • SHA256

    c6b616f1e523cf0164abfdf61bed202e1b063ac7114966adb4e3dc6ff31f3234

  • SHA512

    a3d34b0bf5e4ff6ac4ca7a048b2520abbe9263bb26baaacb3e812372d4a15e072ef0718598d5d2b68deee408ce6dffe42f2754db151516d4c8d98fe996fbe6d3

  • SSDEEP

    49152:o96NRteryADpCW2G7CqreesNLsaisNeX7hwgqXn8D4E0fhbLUOu:o4NRIpcGCq/sqaisG7Vr0fh8Ou

Score
10/10
neshtadiscoveryevasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      c6b616f1e523cf0164abfdf61bed202e1b063ac7114966adb4e3dc6ff31f3234.exe

    • Size

      2.0MB

    • MD5

      ffaa2795cdbb9b9a2fb8f64ae59ab785

    • SHA1

      5ed394f8cce0ef5a915756e2990c314bb5d9aa84

    • SHA256

      c6b616f1e523cf0164abfdf61bed202e1b063ac7114966adb4e3dc6ff31f3234

    • SHA512

      a3d34b0bf5e4ff6ac4ca7a048b2520abbe9263bb26baaacb3e812372d4a15e072ef0718598d5d2b68deee408ce6dffe42f2754db151516d4c8d98fe996fbe6d3

    • SSDEEP

      49152:o96NRteryADpCW2G7CqreesNLsaisNeX7hwgqXn8D4E0fhbLUOu:o4NRIpcGCq/sqaisG7Vr0fh8Ou

    Score
    10/10
    neshtadiscoveryevasionpersistencespywarestealertrojan

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Neshta family

      neshta

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Modifies system executable filetype association

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks