neshta | 7e2818e942ec332ef549d656cfb5ce07543fd81fb0b85cb7b724f5fd61143ed6

Analysis

max time kernel
32s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
20-01-2025 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

APK-Injector Builder.sfx.exe
Size

98.2MB
MD5

6e0982e1b5e7179803675d70177a8198
SHA1

e6a5b7c2d2d71380a751c70a40335d7ab7cdeaa7
SHA256

7e2818e942ec332ef549d656cfb5ce07543fd81fb0b85cb7b724f5fd61143ed6
SHA512

b02fe06697605d86c93ea7faea1c9b90a924fc8fc0103587c26925eb08e838bbec4d3b43c45ec01c65eaf68ab6aec3d212896228ad6c65fa96d18ab829b44c48
SSDEEP

3145728:9MomAS5unYhlOjlcJ9YxWW8KELsIoM2wl:eo8ThlO/xSsIo4

Score

10^/10

neshta persistence spyware

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000500000001a4af-38.dat	family_neshta

Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
persistence spyware neshta
Neshta family
neshta

Loads dropped DLL 3 IoCs

pid	Process
1252	Process not Found
1252	Process not Found
1252	Process not Found

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	APK-Injector Builder.sfx.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2544	APK-Injector Builder.sfx.exe
2544	APK-Injector Builder.sfx.exe
2544	APK-Injector Builder.sfx.exe

C:\Users\Admin\AppData\Local\Temp\APK-Injector Builder.sfx.exe
"C:\Users\Admin\AppData\Local\Temp\APK-Injector Builder.sfx.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\New folder\rec\platform-tools\fastboot.exe

Filesize
1.6MB

MD5
243eff8bd862104fb399bcf1488b57a6

SHA1
b651c9260f11ffde765c978a588a95159e5be612

SHA256
917f35f86b35f5af676ae63ef2b8b4bd09b887a5643172d0c116aa7760015ff4

SHA512
ac6603af930fe655bfaebe0b5f36b147c39e0b4d1169e5973df68fbbd20f80f24b72f7cecd7f1412a59aeaf338cd2175326557536f1ec10c3d3caedc9c42beb4

Download Submit
\Users\Admin\Desktop\New folder\rec\platform-tools\Launcher.exe

Filesize
5.9MB

MD5
e632dad63d85e326f996d29455a73c5e

SHA1
b2790f28c60841c2cfd9334dc2b3d35a68965e56

SHA256
b3f3b2509384e16b578e69b3702074f91d76dd43dffc7f427072346d30900140

SHA512
8e68cecd310c0a7a27076b2d6f53b9b578e641d46d554ebf5fca33baac2741d8a501cb2728cf7870dc7a42dac8a2077bf1103a3ef190efb880035aec8ba5247a

Download Submit