neshta | 54c804c8f597748ce17394624b6c08a4[.]bin | Triage

Sharing

General

Target

54c804c8f597748ce17394624b6c08a4.bin
Size

1.1MB
MD5

45222b49d4f8bca067279c65e869c695
SHA1

02dc5d5cdc3773fe081347c1a65d6374cb121ca2
SHA256

e925562d4e4adcc745a473f66dd0a749be2a442f00105a3091b2d25e5ade8e60
SHA512

dc81788ef54ee46a7d0be44749a51d29222b8f2059c7eeda2e8eead55ecee158dd7b3e4e54b4a9ec521cfaf5f04f8e601638c0795474e7b07090793d472bc6e5
SSDEEP

24576:MqUidOVM0952wDYWsDJWWBbjwk/nTr5MYXF/l2lE6UmRUJQqNVx1PD:hUqO6S2wwh1jwqvFaE6hcBF

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
static1/unpack001/6163a3302b0eb60ff371116b0e90de30df65493ac7192235d4495e43c4a41d4f.exe	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6163a3302b0eb60ff371116b0e90de30df65493ac7192235d4495e43c4a41d4f.exe

Files

54c804c8f597748ce17394624b6c08a4.bin
.zip

Password: infected
6163a3302b0eb60ff371116b0e90de30df65493ac7192235d4495e43c4a41d4f.exe
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ