General

  • Target

    svchost.exe

  • Size

    112KB

  • Sample

    250113-l17h9azqdq

  • MD5

    2f000e0a52d6ee0c89f93fa5ab4c7e3c

  • SHA1

    6e45db2cc4648a388fbd6f3d82c7da9c8e30187d

  • SHA256

    cf1ebd6fb534d65dd0e8164db9693988d5a4a645dd044beba578ab25c0033e66

  • SHA512

    d433bf1fa375511d86621154450ade0879ee2705e7117fe6be67e38a26294d4187663b47ba3119da1776bf0594d516833696b80a502ff87b92c115cf98a368c4

  • SSDEEP

    1536:JxqjQ+P04wsmJCyfWxMb+KR0Nc8QsJq3+kk8YM7U1BEwox+L2CG7o:sr85CyOxe0Nc8QsC+kfYhHV2CZ

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://185.174.100.204:443/L7RZw57VJ-b1dfR0k_tCyQtB1fJI8WowHQJSk54rTfUI2od24XrEIUzV5WGzx5fD0nPOwbVMrUfjFtDSZ8s8FudwarDyt7dL8gMPumRtXRv_ondaA99DiB1AmQDhTROOEB5RNqoBUGF7RO1eVLkzN4bgXoa9mjeqRlP1HJkpzxwa-XWfCySg54DfgGxSZPQAlpmdrTQwiPTmXmZzxGfhQBf

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Targets

    • Detect Neshta payload

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15

Tasks