General
-
Target
9b165f6672e74ed5dc437040829bd602afc411ce8c948c41b6d739bf1fbfb09a.exe
-
Size
2.2MB
-
Sample
241122-db6xesypgj
-
MD5
b01a11449dd83a10497833b23fb0887d
-
SHA1
8f5276ee02a5b4b23cb7e9d500dd0df71382e211
-
SHA256
9b165f6672e74ed5dc437040829bd602afc411ce8c948c41b6d739bf1fbfb09a
-
SHA512
cf3634a8253c439d54233162db10b9668f080e184e4e1b52aae60db303e89d2ca9fead16097937a871d54685592b1b58e389d481b94f6c261d5caec98223ec81
-
SSDEEP
24576:ZFbkIsaPiXSVnC7Yp9zkNmZG8RRlnZyz/Iila8CJn0BgtscdTtOOa9pfthIDdsRQ:ZREXSVMDi350aFJqciOa925sRtMZ
Behavioral task
behavioral1
Sample
9b165f6672e74ed5dc437040829bd602afc411ce8c948c41b6d739bf1fbfb09a.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
9b165f6672e74ed5dc437040829bd602afc411ce8c948c41b6d739bf1fbfb09a.exe
-
Size
2.2MB
-
MD5
b01a11449dd83a10497833b23fb0887d
-
SHA1
8f5276ee02a5b4b23cb7e9d500dd0df71382e211
-
SHA256
9b165f6672e74ed5dc437040829bd602afc411ce8c948c41b6d739bf1fbfb09a
-
SHA512
cf3634a8253c439d54233162db10b9668f080e184e4e1b52aae60db303e89d2ca9fead16097937a871d54685592b1b58e389d481b94f6c261d5caec98223ec81
-
SSDEEP
24576:ZFbkIsaPiXSVnC7Yp9zkNmZG8RRlnZyz/Iila8CJn0BgtscdTtOOa9pfthIDdsRQ:ZREXSVMDi350aFJqciOa925sRtMZ
-
Detect Neshta payload
-
Gh0st RAT payload
-
Gh0strat family
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Neshta family
-
Server Software Component: Terminal Services DLL
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
1Change Default File Association
1Server Software Component
1Terminal Services DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1