Extracted

• • Target

    98324ed82667a759bbdb1b087c3762be2c672e45fc0b00fbd3161f6810fc572fN.exe

  • Size

    199KB

  • MD5

    217e41f6c25d038647a7442444f73ac0

  • SHA1

    6296791ef6ed5b2a0ef18f2a0af986f9596939ee

  • SHA256

    98324ed82667a759bbdb1b087c3762be2c672e45fc0b00fbd3161f6810fc572f

  • SHA512

    b1cfb43fa8db915b9b4be3a682e6870d3321ff808ca33e45ae57042e3ca200f4307d601c199e41b8a9cb0e0bcd969f5b5d35842403330e861366f0081aebf4d4

  • SSDEEP

    3072:7r8uCJwMEHdNOy+eP/rM71eYQUXlqBRfpj46MQCcA5Cf0Gy4i8qQtHSUgmQ:3CJXAkp2r+QUXWS6MXi10KQ

  Score

  10^/10

  neshtasalitybackdoordiscoveryevasionpersistencespywarestealertrojanupx

  • Detect Neshta payload

  • Modifies firewall policy service

    evasion

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta

  • Neshta family

    neshta

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • Disables Task Manager via registry modification

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies system executable filetype association

    persistence

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2