General

  • Target

    b473068d1ad2a1affdc2c196d0d532bfb1008325c9aacad102d42cf3e3e89dd9.exe

  • Size

    454KB

  • Sample

    241126-f5kx6awqgw

  • MD5

    c30c5bc875a1eeb48ebf45c6e2120d1c

  • SHA1

    c21c4baa98a1faff03ae551c84e5f4d28e3301a1

  • SHA256

    b473068d1ad2a1affdc2c196d0d532bfb1008325c9aacad102d42cf3e3e89dd9

  • SHA512

    80a0bd8ab6ec1407098d8be5f0586e849aa2593c821b4650e8e9ad1116b800506e527a6423e6b53e8dc62b2f10a65febb4d17e8e9376be6795d71be54ed6a07e

  • SSDEEP

    12288:NGmZvYntO2EiwcZCuKHFcnUE9cFucYLxf35:+EizCJcnUefJ

Targets

    • Neshta

      Malware from the Neshta family is designed to insert itself into other files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.
