neshta | 6bb3997b5d4050f10f4648dbf5e2e6ae0f482ca0c0cc128a446b907d28aef0fe[.]exe | Triage

Sharing

General

Target

6bb3997b5d4050f10f4648dbf5e2e6ae0f482ca0c0cc128a446b907d28aef0fe.exe
Size

2.9MB
MD5

402643fae6384a9369dc127b37da76f6
SHA1

6d554b9f1138cba38de521f1fc81a72097edc730
SHA256

6bb3997b5d4050f10f4648dbf5e2e6ae0f482ca0c0cc128a446b907d28aef0fe
SHA512

3aed8f487ae5fdda36bd60dbe3fc01049ff7f61c83971cebb37746c436e02dd4118c1f591ba81b190852b3743850bfab7e8f1ffd9d329e56f88f0a7dbd2a5e65
SSDEEP

49152:2JwSihjOb6GLb4SKEs3DyOMC2DlUt0+yO3A32ASNTvuup:OwSi0b67zeCzt0+yO3kSh

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6bb3997b5d4050f10f4648dbf5e2e6ae0f482ca0c0cc128a446b907d28aef0fe.exe

Files

6bb3997b5d4050f10f4648dbf5e2e6ae0f482ca0c0cc128a446b907d28aef0fe.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ