neshta

Sharing

Copy URL

Twitter E-mail

General

Target

FN CHECKER.rar
Size

9.3MB
Sample

250101-mpc1yaslew
MD5

6482e45fb445409bef7715b68d54103e
SHA1

38f68925a5ba43dfd2af0d9b4c3a2e4404594bf4
SHA256

0e5a0815a7c2ae0cc67cd267c8c8013fa0bdcfcace45a6f88460d8e8af70cf0f
SHA512

aa916205de1769043e27de68b8871aceb9b099ce9e86cbf1da3a8027ea2743b1fbcbed8f445d076042d2c8c55c68e550b7a850512a09fa59a2067cdd4dbf06a9
SSDEEP

196608:D783WPE+aGwf7YMWju0ApEFrg5eAkzBsguAIFG9qYEmzyT:Dw3j5D8uZp6mmBsRAIFiq9TT

Score

10^/10

Malware Config

Targets

- Target
  
  FN CHECKER/FN CHECKER/bin/AngleSharp.dll
- Size
  
  810KB
- MD5
  
  43cf95989d4b20c1a50a888c968536f6
- SHA1
  
  5306e571de0faa7cef8dfd9fe46621c5c50a9b16
- SHA256
  
  d9609f320e054e17c2ba1129ad293281b733625425028587b7326550bca398a0
- SHA512
  
  d3c4102ce4bae9fff3e1ae1f3aaaa8560c9acd73ad6441ac18203744011191ad2bd80caed37bd286bfc6410357928b15cffea4e4db61cf780db4d2bd939e4cf0
- SSDEEP
  
  6144:frPn0zXwluf4iupAvWw2Gf7tmp7gM6S6tCDELdzKnIgTAR3yFT2X39sKxqHNU0oE:frbWvW1q3LQDVI/RiM05B/
Score

1^/10
behavioral1
- Target
  
  FN CHECKER/FN CHECKER/bin/BCrypt.Net.dll
- Size
  
  14KB
- MD5
  
  6a56593ef2ef2d86f5ec26d2b3c50686
- SHA1
  
  344d593b6973288b62c6ae91d26237ecaf02096f
- SHA256
  
  e1f0f6abd5b942172ec00f8b6a341dc9e484e6a63031b7699c5b41f02df9cd55
- SHA512
  
  ba2dc71006550d9fed140459020c31183f16f90d6f2e3793ff79035706514a3fc8fb10c68dd64fdfb4fa23b6082c21e18559fb7ec4e7d1ee4571645ab8f92262
- SSDEEP
  
  192:irPd5E17sTjoomT8VqFVAeXJHJAyZJg8D0KThxA+rAQE+tnJiOUDyv8ov9jhCGk:eKP2qMeXJpJgLa0MpfDVQGky5X
Score

1^/10
behavioral2
- Target
  
  FN CHECKER/FN CHECKER/bin/BouncyCastle.Crypto.dll
- Size
  
  2.5MB
- MD5
  
  f0b3e112ce4807a28e2b5d66a840ed7f
- SHA1
  
  54a6743781fd4ceb720331fce92f16186931192d
- SHA256
  
  333903c7d22a27098e45fc64b77a264aa220605cfbd3e329c200d7e4b42c881c
- SHA512
  
  dc8ec9754c5e86f7e54e75ff3e5859c1b057f90e9c41788037b944a5db2cb3b70060763d0efcbe55ec595bcc47a9c0ff847a4876821470ca1659c31afd5b0190
- SSDEEP
  
  49152:OSSJ+G1PjodumkjD6Oc0mqHZwueCtbu9kQN:6xodumo6Lr
Score

1^/10
behavioral3
- Target
  
  FN CHECKER/FN CHECKER/bin/CaptchaSharp.Services.More.dll
- Size
  
  14KB
- MD5
  
  35037461c0ab99e6013fc99adc5acc88
- SHA1
  
  1e84a20fb07c28b9a227f1bf55a8d045f18f7982
- SHA256
  
  7ace519a9c2d943f2cd8358573eeb4f21f4dfa723720ca6c4bffd67b08d4f63c
- SHA512
  
  197f9f5aea0d1dfd56f2d705a4f79846b6b84f1e3ff50f460cbd60de7cdf78e09e19e92f9ae7deee4894322ac34b8dabcc8770ce18645e8e312811c4550dad9c
- SSDEEP
  
  384:CXwLIayjGdhDrVaOsgC5bxZiE71rHJDT:CvS7rVf0/ZnrpDT
Score

1^/10
behavioral4
- Target
  
  FN CHECKER/FN CHECKER/bin/CaptchaSharp.dll
- Size
  
  95KB
- MD5
  
  de9dbbe708a35baa84dddb61066a68a7
- SHA1
  
  16cc77bf5a0709b2343d7d4a68791c21a48b0e5c
- SHA256
  
  72e5f45ff10cf78298be28a706214e8af96f5165294aa1db77820a27fa85143a
- SHA512
  
  70579920debbe302b96058ad1c79a595b63af6ed369385a210b91bf7f3220d92f93a2bbf3e25d28a6d783ccda007df9ae6364671c0fc7778564ae71bbeac1031
- SSDEEP
  
  1536:0U71loylHoU4lQsZTM16RBlpRV5LaIST+cu5aXwZXo+PbYw0cejuEruLd:06s6rOQveBlpRVeXwZXo+PMw0cejuw2d
Score

1^/10
behavioral5
- Target
  
  FN CHECKER/FN CHECKER/bin/CloudflareSolverRe.dll
- Size
  
  79KB
- MD5
  
  80406e5e8caf22ac3ad1aaec6ce05379
- SHA1
  
  9e35560a4acfc389f520ebf5e431e5990e59316f
- SHA256
  
  705bab4da9023768a242b899008ac1ecc5521131a8ce928929c74aff69672e79
- SHA512
  
  e03295f37984bf78948e6bc84c10de8134bde7bf80887fb216e5f45646f5153d17e93d666d74d49effc3baebd280544d19b556f670258b920903e68975a45222
- SSDEEP
  
  1536:bYivK8sVHezgHOtEVVnmG0mC5OqGTiDm7b0YM89TQZKqqKKO2eWu27Jl6i46iBdz:sDHAo+EV4rj4T7b0YM89TQZKqqKKO2e5
Score

1^/10
behavioral6
- Target
  
  FN CHECKER/FN CHECKER/bin/Colorful.Console.dll
- Size
  
  88KB
- MD5
  
  ac4267b870699a799e05b2be2d2956da
- SHA1
  
  bad70ee226a1be3b27ee780888cd8cc78f89c855
- SHA256
  
  309c616209120ee751df11612a8eadd06e8c86e68510d0b31ba21290782516fc
- SHA512
  
  f694e6506229aac78c5c81bfcdf606244fe5bcd7a1d63f6dcbdd5babb2f020ec03415f75af030aa2d574f083fa72050fa8f08d9c03efbeed54cfea05609b9086
- SSDEEP
  
  1536:YLeJYyqw6Yu+tJ9gbYm35KNaxe97LCnbhN:Yxyqwpu+IzOJ97LwVN
Score

1^/10
behavioral7
- Target
  
  FN CHECKER/FN CHECKER/bin/CommandLine.dll
- Size
  
  200KB
- MD5
  
  af2580e5be07d301ef803e3b6243422d
- SHA1
  
  959ab9ca00903322f2e4b8a9610b245679cf3d5c
- SHA256
  
  cdd1eea8dd04fbf463d9c6f5b65541abd0536fd7e79dcd4dae796a50048b5592
- SHA512
  
  77c43440cdb91de5b072b178b9f34942d23752701f148771dedac14a9022c806104f55190b4aa6197369f729d5d94852316990ad54612eb610107b0a01e34839
- SSDEEP
  
  3072:/GhXtCTHuV1UaXUsKn7t5NQxS3XXINsrWyRsdEme5niIGLfG8M+pR+dP:/YCTOV1UaXUsotGNsCyRsdQmLepk
Score

1^/10
behavioral8
- Target
  
  FN CHECKER/FN CHECKER/bin/CommonServiceLocator.dll
- Size
  
  9KB
- MD5
  
  e5f3b59ab9fd9157857d69b3d9611d0b
- SHA1
  
  057db8a55c224569a192f24c88f7cf0af02dd9bd
- SHA256
  
  8951f1b70412949c6ac5f5a73441e689d954522ee199f17f56c97d3c90908afd
- SHA512
  
  425261a0f0487a8b7f2c99ca41adb4535c90a561792076a67c9fad7dd9faa30989a64d59e4b281aefe5943bae0b19b5b381b6a7e9ed265836a726292d8edc623
- SSDEEP
  
  192:RVtbOf3jdnqSoG4MUzGRxHjgiqyOwFRc/giW:RVtaf3jP4MUzOxHjgiqPYiW
Score

1^/10
behavioral9
- Target
  
  FN CHECKER/FN CHECKER/bin/CryptSharp.dll
- Size
  
  58KB
- MD5
  
  ed9a681e7f612ec8ddeae668312c6778
- SHA1
  
  033a171624699a0a8ebf5226916a2a051bc29bbb
- SHA256
  
  f14e2e528b56f88106e7df0d40db9c4fcde3dcdb7f7182873b6997cb8d5d0610
- SHA512
  
  51d2060851b03d0c132d00ae600707561a749a80b0cec8f131c0aca4d9509fb0f327a08056c00d54f24d03986fa2ee239b9a1955a8eea3c420ee871cbeace42e
- SSDEEP
  
  768:gLmEUv+8NQBYED86sGNgnRj4+hKkF1vnGq+xu9z8nS0ezkdh0RoqXfLt4s+B:tcPWn1+xIISfwmouL+z
Score

1^/10
behavioral10
- Target
  
  FN CHECKER/FN CHECKER/bin/Esprima.dll
- Size
  
  207KB
- MD5
  
  cf45d39c42564d253930934fc1122ec3
- SHA1
  
  ae89c96e521b1260c4cbe4103c63ee3ba29e6b1e
- SHA256
  
  0c31753c4efc29be353e6c11ebfe0a80b7c8bb3453c67a694b56751094ba281e
- SHA512
  
  25edba6944ca66b15ed97032fa14b5cc7fc143da6ea4714d71b34c2cb5cf356af800b87936369a518a1a15986d439e2af361864e0bbce16bddfc47cf4eb4c5a7
- SSDEEP
  
  3072:PRWz+01XNw3Y1gFSmf6akNMSQl2dbdE2eShc0sqJ81xtE:PN0/w3/VkNbQlQdE2akaj
Score

1^/10
behavioral11
- Target
  
  FN CHECKER/FN CHECKER/bin/Extreme.Net.dll
- Size
  
  121KB
- MD5
  
  01fb96e4876441feaedf92a5cbe8bb0b
- SHA1
  
  faae8c94055f8311293c8a00b9b9cf53cd5a17bb
- SHA256
  
  eb1b67954ac21c77eb4086939ac4e895cac5bd4425fb6964ac56e3298a392d74
- SHA512
  
  1820760f46e38ba95d75fe516934aedac8102517f203f7f2b1be6e994f9f285b728036be8e94445993c0c1247dd5d9e1eb4ee0cd7ada7a029f6863af00a3a124
- SSDEEP
  
  3072:GYEOsKG5/7enk7upwH54I0UpQzRE1c0Y8eVMV6cWIyqMG4iNjT:GmsK7uNLpERDV
Score

1^/10
behavioral12
- Target
  
  FN CHECKER/FN CHECKER/bin/Fizzler.dll
- Size
  
  35KB
- MD5
  
  b939e24b37c2c15e8f63dc00cafb81c1
- SHA1
  
  f428575525b1b74291fd2ca1684260c915ebc5e0
- SHA256
  
  17a47ed50db606c1c1061c23c894b8814223dbe24c45592e0b03e784e4d746ab
- SHA512
  
  38e3aae36f6d711f69cc0989afe49e4314c671ea012e62b3ec87cf1fdfbbbb74a4a0349743a48e371be1e7cf3e441dc7f59f45a04fcfc2b952ae81ed88c204ec
- SSDEEP
  
  768:RSwaeXSAlhblpJGlytZKdmwwA3VmiggSRTl1V:RBaet/bhG0KdDwLRDV
Score

1^/10
behavioral13
- Target
  
  FN CHECKER/FN CHECKER/bin/Fortnite checker.exe
- Size
  
  517KB
- MD5
  
  4ee4eb93c2b66408bb2b7ed294ce8456
- SHA1
  
  0c5e89962612ae857dcdc7ae157c810a23c484a2
- SHA256
  
  3ccceb62c17463b89547b63957065b00621bfe611f6c83df1f6cb71c3c3b1c0f
- SHA512
  
  a44cc99c858c44ea7ce52328dcacec30e749804da182dcabf6978c1e73f1f5ff90dfb8c20ee1e82a6b2ee791a24289a0694b5e990de09df5d0b1c41d09af8088
- SSDEEP
  
  6144:k9EcZu6Te3V8zcL/9QRL5t5mVMZjE4usD6:BuTZ2lQRL5t5mOs
Score

10^/10

neshta discovery persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral14
- Target
  
  FN CHECKER/FN CHECKER/bin/GalaSoft.MvvmLight.Extras.dll
- Size
  
  21KB
- MD5
  
  810e42e2bbfb536bdc01abf882a24938
- SHA1
  
  7bd37217aaf5ec27d2f993bb4212b0b8ab94d220
- SHA256
  
  cb4d844434a8ffbd33531470e094524be27b88ca42b2c2197492bbe8246ea1bb
- SHA512
  
  176769ef15d87373c53cc39241126bd39ce57b18af0df4d9d2cf68645868dd53090cb5ab93b8ba78303a3e6b5f3888d2150e6def57b26462df1b12fe7450f650
- SSDEEP
  
  384:+/l5QKk8gdYAT5gb5DoCEJkUvuXctCRJEITSIjZ4qbhPyWAPslJ:ijQKJAW9Ehvvs+CRJxTb6qhPLAPslJ
Score

1^/10
behavioral15
- Target
  
  FN CHECKER/FN CHECKER/bin/GalaSoft.MvvmLight.Platform.dll
- Size
  
  13KB
- MD5
  
  5b958b4229538ac23099ce9ed6f37de4
- SHA1
  
  32cd46e39c4f6334d28788d5e3afaa19d4fd1041
- SHA256
  
  2a1114c99533aae7442b298336247350b55caa193c06454ea606d6a394656573
- SHA512
  
  87b6a509d1cb262e6ba198819ffec3b8e03e4672b031ff918fe406307f750192a73c73dcd8140d8be5dcc8286a79e779fad59189ae7ac759cec6223e55b9b899
- SSDEEP
  
  384:qKKUx+mQv787sGaP39cVT0ojR97d5tS/iPyrA3UJsgkW:HKnWG/oTZjR97dOaP+A3ksgkW
Score

1^/10
behavioral16
- Target
  
  FN CHECKER/FN CHECKER/bin/GalaSoft.MvvmLight.dll
- Size
  
  29KB
- MD5
  
  af04687248da9e95a7ff65ab538d0bcf
- SHA1
  
  7511184300e2b6f70bc92333392386a812b2dabf
- SHA256
  
  b097fca120a9e76fa870d82662bdd233adbf08fc34a3c509f31cc5ced0ac1ecf
- SHA512
  
  a5eab337f6386de5fb2cc809730bac7d17cdfb309afea32e65e9d8c457f97ac3e3f03cebd48535cf253e28f3aa600f234631c2060ec59acb917cb5f135f4b67a
- SSDEEP
  
  768:yQrLeg1z+o9LyepjivwvCGIzCGShkS6fF3xLAJs+d:tKExEJGB4fXLAL
Score

1^/10
behavioral17
- Target
  
  FN CHECKER/FN CHECKER/bin/HashLib.dll
- Size
  
  815KB
- MD5
  
  8dc36e83cfc109069585e07a26d35aac
- SHA1
  
  fd6af10042fbd1f9595952b24a7cf128c203ea5f
- SHA256
  
  39542c35a291a6b7a798bf1f108831b552e577bb32a9e17ebaa1c95388a34bd8
- SHA512
  
  6aea84cec57472adf408e9b69a86ba01d06167b0721c74073f2f1d7b90dfe2c2ea35bdb5016b019a8b02b8f5adfac6a37adebf539733a8872b47574906d71865
- SSDEEP
  
  12288:lNZ+RNJwRNJNRNJM89pWdAK+tOR3Mq6MYrKUejkG1b4Sl:lNZ48nWM6ApLrGl
Score

1^/10
behavioral18
- Target
  
  FN CHECKER/FN CHECKER/bin/Humanizer.dll
- Size
  
  250KB
- MD5
  
  b23ec3bf471a12c288f2a46b428bd013
- SHA1
  
  766c5bf33247f5d399f410873f4640c35fbc885e
- SHA256
  
  15e988ab3e8d84900ae90549eb399aac452d55edf0109e06fa1a9b227ddfd4c4
- SHA512
  
  ae49d951be7234a74d0df7b9f508651d199f2116ee9c52f88c70e1d8cc400ed4dcbef6ae851ec73cfe461faada4f5b807f1ab1cf9d5b4ff62489855259c8eccd
- SSDEEP
  
  3072:5r1It35fKhmIt+sS0vurEd2EtvXXVdLA6bYpBOljT6jVLHmPlRhvcA5qm:5RItQrhJurPEJGO96jVUXNcA5D
Score

1^/10
behavioral19
- Target
  
  FN CHECKER/FN CHECKER/bin/Humanizer.resources.dll
- Size
  
  16KB
- MD5
  
  b8deb74353896b2598ee9eaf9e14ddf8
- SHA1
  
  e5020799ae0fd851f6361cdebd734726b9b9d63f
- SHA256
  
  25542713e5294ef929f80ce2be753c2e9dc20aa63fe7cdd9db61a35fc2113234
- SHA512
  
  56da0bf3cdd40648a0eba09b0360113028ebeaeaf80064dfe94b427caca7a76a94fcf37dc9d1d057d32d11eccbb63ffc304082f28ea6aa1ab47603fb3803ff3f
- SSDEEP
  
  192:cnPmKbvyJr07htBtTTPZSZucQZPMH7Tpe1zO/fTJo23pua9sgfxIZHA:CPmIvyJg7ptTjZSZmZPkiy/22UDgf2hA
Score

1^/10
behavioral20
- Target
  
  FN CHECKER/FN CHECKER/bin/ImageProcessor.dll
- Size
  
  185KB
- MD5
  
  e6499840c1141905681c11a632cd52b7
- SHA1
  
  1ce6ac73d1932c17544c83d515ffbbf0779bf47b
- SHA256
  
  eee56a5021b139897a16ad1b1aba061827924c585222b6b71d0b793df4676013
- SHA512
  
  dcf746663306cf1fb96418e32f4ef696e905dd910100944005e4da17b07b31a5049d96dfda061e1f0b84153dc8fad1cf90d1a95fc044a309277f47b34837d13e
- SSDEEP
  
  3072:qxFzZ20pb9s2/lCy7ZsEFH0O7P/eMusO0eVrlDoYDeG5T9CgOUJTIHdwEhhFomVy:uhZTxs2/lCy7ZsEFH0O7P/eMusO0eVrP
Score

1^/10
behavioral21
- Target
  
  FN CHECKER/FN CHECKER/bin/IronPython.Modules.dll
- Size
  
  781KB
- MD5
  
  56c02ca018022884c6a6ecbf21853ba9
- SHA1
  
  e82520170bf37c5c26cf58a88bcd00ee31eac953
- SHA256
  
  87ca4725f12e8c030392be0164a521940ed353bc60cd34725f8bc0747bb7c069
- SHA512
  
  a6ecabdd5e9a75bba2fc4c582b23fd9df533771dabaddc7ac9e6743852f0c850f524fbf767de5550dc7e7bbfc767d484b0411fcb8ef36cd00cc058a00e25ed50
- SSDEEP
  
  12288:Sl96RaosN8DbVUKZp4/w/0sdiHqgTVJo///qYAJKa6Cy4xamJtQS+2X34l8K:89+URJo///XMJBYm3QWX34l8K
Score

1^/10
behavioral22
- Target
  
  FN CHECKER/FN CHECKER/bin/IronPython.SQLite.dll
- Size
  
  622KB
- MD5
  
  33c7a7897ac17c6bb2dd7a70756e8801
- SHA1
  
  acfc7a4b095cc5541494fba59f407cdc98c6dcb4
- SHA256
  
  b530d7ee6b5b5cd4bab686b2a068eaaec1757ad355b0400d2aacc23c4e2cd530
- SHA512
  
  491b4f33bfd1e63d93ff832b3493f69d8ae93b9d2dac5dad9461a76e464dde05212f133e603302964c821207c1f79eeb4bf3107201e5b6d418d0271fc269a8cb
- SSDEEP
  
  12288:uOc3F13Axax72xqT0G/3weuTVSMy3KBzUJF3Me1fFChem:NcwItAc/3Ru0MzUv/fFSe
Score

1^/10
behavioral23
- Target
  
  FN CHECKER/FN CHECKER/bin/IronPython.Wpf.dll
- Size
  
  7KB
- MD5
  
  ebb90f59291a5675e8ab1ca03d563024
- SHA1
  
  dbe17ab1c7ada5439693a26dfd9805b7c6006916
- SHA256
  
  5f32b1d69f5e6e741cb15f5054811a580aded15149164309caa1d0e8caa7d364
- SHA512
  
  a7b3ca7c2c8a9e0ae6296f76e19670d2417b1fe30e4668d980ac2f79b5cffa6e566b8922640184bc68b0c17ce958f479c3ae8f452a88b1cd76047406dbec4e02
- SSDEEP
  
  96:cGR1MPHBFTZmHwCB57ECPSY1/V/8r2KsDlRZ9tVQURdhR1oPRzZ1:vnIBulNS2VNvf7TdL16Z
Score

1^/10
behavioral24
- Target
  
  FN CHECKER/FN CHECKER/bin/IronPython.dll
- Size
  
  1.7MB
- MD5
  
  f80c98a91e564c456dc62a5c5022c792
- SHA1
  
  1e24946058ee93bb1920e672ce99c15f65a02ed2
- SHA256
  
  c0f852fa065b8d7e2f54a1845c4b80a65a05b4cf5ac670cbb5754173b1a86e40
- SHA512
  
  dd3b4bfaa8bc8c6896b379abd129ff2a7c06f19d9f5064de2732e62973f9e253fd9375e183bf5ed66a8cca503a9041ee47a6b309fded8e1ec41465f2802b2258
- SSDEEP
  
  24576:64upM4bxxJOgbUXu5+eBU1Vy0khcgwdiJg9tZkn5qVj++:2dxJAkigwdixt
Score

1^/10
behavioral25
- Target
  
  FN CHECKER/FN CHECKER/bin/Jint.dll
- Size
  
  244KB
- MD5
  
  734c5ce8f9b104d8ad3c7b494e96f9b9
- SHA1
  
  184cd4152b1b65d9531867b06c2e1c215fb872f1
- SHA256
  
  ed618668ae9e7c02c7c2b7332dd09079168cca96432a051044683c996337001c
- SHA512
  
  1e3ac0649e3b7bf9e97681aa7b1346aa44afe96d8c86fc77a6e002b8cf5b14b1a57f19f669ed0d4ae9a94d3f65d4eefa99dcffcf5d74afc8731f913c9c9f79d6
- SSDEEP
  
  3072:hE1DupDOGfyKkpsZa27k5t0f5jjBWV239UDjRFAkqYL36ZmvYYGUaKTUCRaikNrJ:hjyQlGunmvjPa2vRQrXPHNQHsq5+L
Score

1^/10
behavioral26
- Target
  
  FN CHECKER/FN CHECKER/bin/Jurassic.dll
- Size
  
  481KB
- MD5
  
  e34177a06ff6b21f513db7343d285644
- SHA1
  
  bc802296601401bc64d896b8dd907d297a714174
- SHA256
  
  bd60614a8fcbca2c0a28b57da6fef13783c7b6d4d843f83a4b03a01f2bef5468
- SHA512
  
  2da0241f259fc75a05f05d494e4fa4645130dcd2ce9942ee57be64cd8f1d519b2890d52c15dc31eaa5120804bed5a5f50bbb0f1e78033729d3218d4c221e6ba2
- SSDEEP
  
  6144:MM9Z2RgB/Yh3PdMVx/1JfPhSIdCEcNo4T7sAISalENpCw0dCgBIidLEmMPucU:MYHt6/7NhUxxEz8XC5U
Score

1^/10
behavioral27
- Target
  
  FN CHECKER/FN CHECKER/bin/Leaf.xNet.Cloudflare.dll
- Size
  
  48KB
- MD5
  
  d35cb544bc326ce175ef1c1c5587da6a
- SHA1
  
  c1f8cf15423dc0151824326f5e9991321c21f453
- SHA256
  
  8b116eac478bc55007c6a73c831738842e00ddecdb9de10f34ab2dfb017eea82
- SHA512
  
  3da7f675f3f9efb8acaf95b3f5dddd408d5f5db9b9fbcb3df17ba91bd24f1abadfef7bd507acea04721f128a392f397a8bba26fbea7216115db95f21e561bb19
- SSDEEP
  
  1536:72zT/PBeqTEWJ4VAZMElgbMDRHXjyiqOdzxHK:A/P/FVZMElgbMDRHXjyiqOdlK
Score

1^/10
behavioral28
- Target
  
  FN CHECKER/FN CHECKER/bin/LiteDB.dll
- Size
  
  347KB
- MD5
  
  25b242d00c6c32e1f437eb2064ea2e29
- SHA1
  
  3712bd78c80a237dd804ec77c64498defde12e94
- SHA256
  
  e72acddf47586bc0999d598e3bd125a254bb6f4ae151c076993304f6e31fbbed
- SHA512
  
  f1ca54008290f67825f4aa0c8f78476d0e4ebb3b7f50c338f51c87a96b0d25457496fe6062aa57e401c444f5aa80df8e6b97c2e681e699905f3dc39200d235d7
- SSDEEP
  
  6144:mtY8gj5LlWwTjrG6VFNEjqpmzYyfQQG5HdE:t9LlTTjTu2pHyoW
Score

1^/10
behavioral29
- Target
  
  FN CHECKER/FN CHECKER/bin/Magick.NET.Core.dll
- Size
  
  1.3MB
- MD5
  
  51145fbe253beb5dfd082dcdd5f99473
- SHA1
  
  7836d3687600d2d78f95a9e1a236d918dd381116
- SHA256
  
  0145005ff357be81cfcdb22c34140daa51c77590a0034669423a1ebd4a7504c8
- SHA512
  
  193564ca9f977f940e6951474eb443bf9d57784627b8498a4a7e133431848224dcc30870fe2fd4c0e07a1ca3dad14bf6f2f9dee75c4e4b38f0dcca9badb96be7
- SSDEEP
  
  24576:RUP6nXyeazknKKKKKKn/1SD2OuaACajAyCE7ykral6J:86nozw1i2yAC+AjENraIJ
Score

1^/10
behavioral30
- Target
  
  FN CHECKER/FN CHECKER/bin/Microsoft.CodeDom.Providers.DotNetCompilerPlatform.dll
- Size
  
  34KB
- MD5
  
  23921b6c91f68bbf33f90df4bcd79749
- SHA1
  
  a67f1601578c0f2ecd063745a3ee354b92be60f9
- SHA256
  
  b5ff36ccfa049b089b00e3450f41af5fa42cb1fb7fff998edaa62500170a2864
- SHA512
  
  24043369bbc5825317bd50cc1800bfd10eb47584a505b24ec21cad955bee73eb8db14324834e1a8998e22a0e131206bbd7dc8e686ddb92104a7b1419ffdf029a
- SSDEEP
  
  768:pK4/fYV3xf/Om5lFYExqL0wMtpmy/CO/P:A40/Om55Xw8pFaCP
Score

1^/10
behavioral31
- Target
  
  FN CHECKER/FN CHECKER/bin/Microsoft.Dynamic.dll
- Size
  
  825KB
- MD5
  
  c45412310549bce0314abe44d83c12e4
- SHA1
  
  d963ee952c08df5f8bad10fb41ac9561b8acf5c3
- SHA256
  
  ba822bb7a9d984fcac630922d4598ff04b772b0c5b2fa4cfbfbab0dca5a351dd
- SHA512
  
  de113ac06823051fa3ebc10d8464aa58dc8293134cbd5c44a92ca456c4feb4e122aa1c0b31cb4a86012fcf4e17e6edb8ed300bc9655dd630fe43b6b156778bee
- SSDEEP
  
  6144:yhvQqeXazzXESzlJW+1FaFslQBt6opF9Ckjw2yiPjES6slmGCiJ+EsIZ8nbd+Hvz:ZwXFL/VyLpFYzex8noPiCbKZksy/x0c
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detect Neshta payload

Neshta family

Checks computer location settings

Executes dropped EXE

Modifies system executable filetype association

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32