General

  • Target

    1545f16d88ce55983a90b16b41ab6ccbadfb90ca4c0d966b3eb6d1d2d57dabf1N.exe

  • Size

    2.5MB

  • Sample

    241129-mefdbazpcz

  • MD5

    db0334758de1c7e8272e9dfd96e157d0

  • SHA1

    365782b08a80ac7db4e7413da999f50536fe6270

  • SHA256

    1545f16d88ce55983a90b16b41ab6ccbadfb90ca4c0d966b3eb6d1d2d57dabf1

  • SHA512

    48996a1d57cf8548755d02be1cb5bbed4e55acd293e2094df76bf4656ea13e279559c28130714cc2f4eddd57af9d7918fea099155795d86201d1bdad7e83bc6f

  • SSDEEP

    49152:0v7tA+Mr1HPPO3ojj+HSKY8X9tdLmcq/SMYB35CpciI:0DtANrJjKTttdLTM4PF

Targets

    • Neshta

      Neshta is a file infector: it writes its own code into other executables so that running any infected program spreads it further, and the copied-over host files are left damaged.

    • Neshta family

    • Checks BIOS information in registry

      Reads the BIOS strings under HKLM\HARDWARE\DESCRIPTION\System (SystemBiosVersion, VideoBiosVersion). Sandboxes and virtual machines often expose vendor names there, so this is a common environment check.

    • Checks computer location settings

      Looks up the country code configured in the registry (HKCU\Control Panel\International), most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks whether UAC is enabled

    • Maps connected drives based on registry

      Enumerates attached disks from the registry (for example HKLM\SYSTEM\MountedDevices). Disk names and counts are often read to detect sandboxing environments, and a file infector also needs the list of volumes it can spread to.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. A raw write to the first sector can also simply render the disk unbootable, so the sector should be compared against a clean baseline after detonation rather than assumed to carry a bootkit.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger class detaches the thread from an attached debugger, so breakpoints and single-step exceptions in it are no longer delivered. It is a standard anti-analysis technique.
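The signatures above name the registry locations the sample fingerprints and the two persistence artefacts (the .exe file-type association and the MBR) it touches. The following PowerShell script is an added example for checking those artefacts on a Windows analysis VM after detonation; it is not part of the sandbox report or the sample. The registry paths are the standard Windows locations; the baseline MBR hash is a placeholder you must record on the clean VM before running the sample.

```powershell
# Added example: post-detonation checks for the artefacts the report's signatures describe.
# Run elevated on the analysis VM. Replace $baseline with the SHA-256 of sector 0 taken
# before detonation (placeholder below is an assumption, not a real value).

# 1. Values the sample reads to fingerprint the machine (BIOS strings, locale, UAC state)
$bios   = Get-ItemProperty 'HKLM:\HARDWARE\DESCRIPTION\System' -Name SystemBiosVersion, VideoBiosVersion -ErrorAction SilentlyContinue
$locale = Get-ItemProperty 'HKCU:\Control Panel\International' -Name sCountry, iCountry -ErrorAction SilentlyContinue
$uac    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name EnableLUA -ErrorAction SilentlyContinue
"BIOS   : $($bios.SystemBiosVersion -join ' ') / $($bios.VideoBiosVersion -join ' ')"
"Locale : $($locale.sCountry) ($($locale.iCountry))"
"UAC    : EnableLUA=$($uac.EnableLUA)"

# Volumes the sample can enumerate from the registry (what it would try to spread to)
"Drives :"
(Get-Item 'HKLM:\SYSTEM\MountedDevices').Property | Where-Object { $_ -like '\DosDevices\*' }

# 2. Persistence: the .exe file-type association. The stock handler is "%1" %*;
#    anything else means every launched executable is routed through the malware first.
$assoc = (Get-ItemProperty 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command').'(default)'
if ($assoc -ne '"%1" %*') {
    Write-Warning "exefile handler hijacked: $assoc"
} else {
    'exefile handler: clean'
}

# 3. MBR: read sector 0 of the first disk and compare it with the pre-detonation baseline.
$baseline = 'REPLACE_WITH_CLEAN_SECTOR_SHA256'   # assumption: filled in from the clean snapshot
$fs = [System.IO.FileStream]::new('\\.\PhysicalDrive0',
        [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
try {
    $sector = New-Object byte[] 512
    $null = $fs.Read($sector, 0, 512)
} finally {
    $fs.Dispose()
}
$sha  = [System.Security.Cryptography.SHA256]::Create()
$hash = ($sha.ComputeHash($sector) | ForEach-Object { $_.ToString('x2') }) -join ''
if ($sector[510] -ne 0x55 -or $sector[511] -ne 0xAA) {
    Write-Warning 'MBR boot signature 55 AA is missing: the disk will not boot'
}
if ($hash -ne $baseline) {
    Write-Warning "MBR sector changed, SHA-256 now $hash"
} else {
    'MBR: unchanged'
}
```

Take the baseline hash and a copy of the clean exefile handler from the snapshot you detonate from, so the comparison is against your own VM rather than against assumed defaults; a changed sector tells you the sample wrote to the disk, but only a diff of the 446-byte boot code against the baseline tells you whether it installed a bootkit or merely corrupted the sector.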
