Overview

overview

10

Static

static

3

fc6e2360ec...34.exe

windows7-x64

7

fc6e2360ec...34.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fc6e2360ec42b0162ca6c115a87359ddb884735669a408df62d03a695554d934.exe

  • Size

    1.3MB

  • Sample

    250110-rwallsxjax

  • MD5

    54f49c2ad41ba4050cdda443c5d2c933

  • SHA1

    a1e467fb0356150a3883dc16ab4618467a9034cc

  • SHA256

    fc6e2360ec42b0162ca6c115a87359ddb884735669a408df62d03a695554d934

  • SHA512

    a1e101900c5a4e5ebba1d0c2ddb80e6ee3486fa43d389f53ec4aa1499b4debe6daafd218b981f22bba4dc80d845c2fcf0cf21ae16908950eab7f7004fb0fcb04

  • SSDEEP

    24576:cA7/6yeoGoMxQtDqIz46L7F8iICk14Tg7ncxRaFdfRwUmqt2LMf7PV56uESbxAq+:5zFBhewK7ZwNWjmqz2/

Score
10/10
neshtadiscoverypersistencespyware

Malware Config

Targets

    • Target

      fc6e2360ec42b0162ca6c115a87359ddb884735669a408df62d03a695554d934.exe

    • Size

      1.3MB

    • MD5

      54f49c2ad41ba4050cdda443c5d2c933

    • SHA1

      a1e467fb0356150a3883dc16ab4618467a9034cc

    • SHA256

      fc6e2360ec42b0162ca6c115a87359ddb884735669a408df62d03a695554d934

    • SHA512

      a1e101900c5a4e5ebba1d0c2ddb80e6ee3486fa43d389f53ec4aa1499b4debe6daafd218b981f22bba4dc80d845c2fcf0cf21ae16908950eab7f7004fb0fcb04

    • SSDEEP

      24576:cA7/6yeoGoMxQtDqIz46L7F8iICk14Tg7ncxRaFdfRwUmqt2LMf7PV56uESbxAq+:5zFBhewK7ZwNWjmqz2/

    Score
    10/10
    discoveryneshtapersistencespyware

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Neshta family

      neshta

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Modifies system executable filetype association

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks