neshta

Sharing

Copy URL

Twitter E-mail

General

Target

Instagram Account Checker By Amir v0.1.rar
Size

1.3MB
Sample

250130-vs5jcszkhk
MD5

a881a88cc642bac36123ee7ab3ce377d
SHA1

d9a33f01390f6a86eebab66201db22b1d4e92684
SHA256

418d91aa65e3ab38c3c95015d986684ee9c7bcb326f186ad0fba5c12dc77e8bc
SHA512

852be83f0a19f368d7e0051fc4663ecfc5f1ae5fddbeca31027ce8eafe4acdd7808f9b3203d8a78c0c3b6b485231e07fef1ea0386f1b5bded4444d1d556bb9bb
SSDEEP

24576:Gp7XinQiXwC6KsZ+RMwuMzp/o1ZybvIk05+He1FSb4pGXsZ2+GE+oTd/N:u7IdXwkHR1uM9Q3IvIB5+He1FSb4C22G

Score

10^/10

Malware Config

Targets

- Target
  
  Instagram Account Checker By Amir v0.1/Instagram Account Checker By Amir v0.1.exe
- Size
  
  214KB
- MD5
  
  061683b79c9c654a8eb5e81c3b1f4de0
- SHA1
  
  02cebcbebe06905fc80f1a459a673b8317ebeb80
- SHA256
  
  19a099135d5248a219e7b13b74b6a608de4db082638dc566d012153406f86c3d
- SHA512
  
  080d5a29e722dc3e020a7582c592d36f4ccb64b97008df24d5c89b93a2ab4afb3295cf5ec0826ec78c7ef85e5a3d6927038f99a5fcb328b487d216573a42193d
- SSDEEP
  
  3072:74l6udi2LxmIx72Q78LaN09doHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHT:766uDtZxj71edik0vNdxNtCcCz
Score

10^/10

neshta discovery execution persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  Instagram Account Checker By Amir v0.1/MetroFramework.Design.dll
- Size
  
  16KB
- MD5
  
  ab4c3529694fc8d2427434825f71b2b8
- SHA1
  
  7be378e382e43eae84f1567b3570bca9a67e7697
- SHA256
  
  0a4a96082e25767e4697033649b16c76a652e120757a2cecab8092ad0d716b65
- SHA512
  
  02d7935f68c30457da79ad7b039b22caed11d8aedfec7c96619ac6da59ceb7c5e7a758dced64ec02d31c37a2befccdc8eb59be9e2dc849aa2bc22fabb5fa00a5
- SSDEEP
  
  384:HYAB8KPALBamLG3gckiBTVU6sgFf5L7WTOYKpKG4rw:HyLBamS3gckiBTVkgiVXr
Score

1^/10
behavioral3 behavioral4
- Target
  
  Instagram Account Checker By Amir v0.1/MetroFramework.Fonts.dll
- Size
  
  656KB
- MD5
  
  65ef4b23060128743cef937a43b82aa3
- SHA1
  
  cc72536b84384ec8479b9734b947dce885ef5d31
- SHA256
  
  c843869aaca5135c2d47296985f35c71ca8af4431288d04d481c4e46cc93ee26
- SHA512
  
  d06690f9aac0c6500aed387f692b3305dfc0708b08fc2f27eaa44b108908ccd8267b07f8fb8608eef5c803039caeabf8f88a18b7e5b1d850f32bbb72bcd3b0b7
- SSDEEP
  
  12288:O+/9JcJlYqCNktA+SXfGpq2fHowSqCNktA+SXfvJR9FrIJJaqCNktA+SXfUC:O+/3qlrCNoh+UqgIwhCNoh+JR9FrIJJw
Score

1^/10
behavioral5 behavioral6
- Target
  
  Instagram Account Checker By Amir v0.1/MetroFramework.dll
- Size
  
  345KB
- MD5
  
  34ea7f7d66563f724318e322ff08f4db
- SHA1
  
  d0aa8038a92eb43def2fffbbf4114b02636117c5
- SHA256
  
  c2c12d31b4844e29de31594fc9632a372a553631de0a0a04c8af91668e37cf49
- SHA512
  
  dceb1f9435b9479f6aea9b0644ba8c46338a7f458c313822a9d9b3266d79af395b9b2797ed3217c7048db8b22955ec6fe8b0b1778077fa1de587123ad9e6b148
- SSDEEP
  
  6144:M4S7k5hdCpU4YqfkUGz6KpQQZQHDXjNCdOZgLdL5DXBK:M4S7k5hdCEQHP1Zgj
Score

1^/10
behavioral7 behavioral8
- Target
  
  Instagram Account Checker By Amir v0.1/SHELL/Ionic.Zip.dll
- Size
  
  480KB
- MD5
  
  f6933bf7cee0fd6c80cdf207ff15a523
- SHA1
  
  039eeb1169e1defe387c7d4ca4021bce9d11786d
- SHA256
  
  17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89
- SHA512
  
  88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6
- SSDEEP
  
  6144:OhagC/Mq25o9sXGtSV41OJDsTDDVUMle6ZjxLV/kHu4Bht79I9:iagxWS4msNUCe65fkHdBf9
Score

1^/10
behavioral10 behavioral9
- Target
  
  Instagram Account Checker By Amir v0.1/SHELL/Launcher.exe
- Size
  
  53KB
- MD5
  
  c6d4c881112022eb30725978ecd7c6ec
- SHA1
  
  ba4f96dc374195d873b3eebdb28b633d9a1c5bf5
- SHA256
  
  0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32
- SHA512
  
  3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981
- SSDEEP
  
  768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5
Score

8^/10

discovery execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral11 behavioral12
- Target
  
  Instagram Account Checker By Amir v0.1/SHELL/MetroFramework.Design.dll
- Size
  
  16KB
- MD5
  
  ab4c3529694fc8d2427434825f71b2b8
- SHA1
  
  7be378e382e43eae84f1567b3570bca9a67e7697
- SHA256
  
  0a4a96082e25767e4697033649b16c76a652e120757a2cecab8092ad0d716b65
- SHA512
  
  02d7935f68c30457da79ad7b039b22caed11d8aedfec7c96619ac6da59ceb7c5e7a758dced64ec02d31c37a2befccdc8eb59be9e2dc849aa2bc22fabb5fa00a5
- SSDEEP
  
  384:HYAB8KPALBamLG3gckiBTVU6sgFf5L7WTOYKpKG4rw:HyLBamS3gckiBTVkgiVXr
Score

1^/10
behavioral13 behavioral14
- Target
  
  Instagram Account Checker By Amir v0.1/SHELL/MetroFramework.Fonts.dll
- Size
  
  656KB
- MD5
  
  65ef4b23060128743cef937a43b82aa3
- SHA1
  
  cc72536b84384ec8479b9734b947dce885ef5d31
- SHA256
  
  c843869aaca5135c2d47296985f35c71ca8af4431288d04d481c4e46cc93ee26
- SHA512
  
  d06690f9aac0c6500aed387f692b3305dfc0708b08fc2f27eaa44b108908ccd8267b07f8fb8608eef5c803039caeabf8f88a18b7e5b1d850f32bbb72bcd3b0b7
- SSDEEP
  
  12288:O+/9JcJlYqCNktA+SXfGpq2fHowSqCNktA+SXfvJR9FrIJJaqCNktA+SXfUC:O+/3qlrCNoh+UqgIwhCNoh+JR9FrIJJw
Score

1^/10
behavioral15 behavioral16
- Target
  
  Instagram Account Checker By Amir v0.1/SHELL/MetroFramework.dll
- Size
  
  345KB
- MD5
  
  34ea7f7d66563f724318e322ff08f4db
- SHA1
  
  d0aa8038a92eb43def2fffbbf4114b02636117c5
- SHA256
  
  c2c12d31b4844e29de31594fc9632a372a553631de0a0a04c8af91668e37cf49
- SHA512
  
  dceb1f9435b9479f6aea9b0644ba8c46338a7f458c313822a9d9b3266d79af395b9b2797ed3217c7048db8b22955ec6fe8b0b1778077fa1de587123ad9e6b148
- SSDEEP
  
  6144:M4S7k5hdCpU4YqfkUGz6KpQQZQHDXjNCdOZgLdL5DXBK:M4S7k5hdCEQHP1Zgj
Score

1^/10
behavioral17 behavioral18
- Target
  
  Instagram Account Checker By Amir v0.1/SHELL/xNet.dll
- Size
  
  99KB
- MD5
  
  bf1f76644bddd20339548ebacf7a48eb
- SHA1
  
  38114702114105eb3df3f74bf4c68ef7db436f47
- SHA256
  
  5d9c2b1822bcaa71ddeaa5426d4312d8e174766ae8864c7add29d7f44cea87f2
- SHA512
  
  76132c9e29a0a3054cd41c56d5184951d392a2abd1995e14b34c40f14b154914a6990c107e7fcf4139344759ae6048e9ecf0bdaf0447c1cd589dfacbf901b7c5
- SSDEEP
  
  3072:sCMhzHWHfyqxjqCgRGAQIO7ScwpY3wisz0YsXhqnV+xnEd4:sCM52n4RSVPwIhqnV+xnEd
Score

1^/10
behavioral19 behavioral20
- Target
  
  Instagram Account Checker By Amir v0.1/SHELL/xml.exe
- Size
  
  285KB
- MD5
  
  0a77cfe1308dbf869c62560a80a1ab57
- SHA1
  
  8f8fad37cb455d79477ea63b9e33ae364327ced8
- SHA256
  
  322bc1db23aa000b478e488cb7683c67f98b60a2a92683e331964b6505b452a8
- SHA512
  
  e76ce13f0a5bb4452cde9f9210e632a0a9836c57b8374ebe82820a518ea6639b87c8a1b4dea39b872535d514b66281faa55d7ecf017237cb1a98256d7cb7b598
- SSDEEP
  
  6144:k905WxvstaVsHDeVDZQ17B99b2Q1F8yVjXhAEv/Br5Y:D5ZtaVq89g7PFj1F8yVjXhAEv/nY
Score

10^/10

neshta discovery persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral21 behavioral22
- Target
  
  Instagram Account Checker By Amir v0.1/xNet.dll
- Size
  
  99KB
- MD5
  
  bf1f76644bddd20339548ebacf7a48eb
- SHA1
  
  38114702114105eb3df3f74bf4c68ef7db436f47
- SHA256
  
  5d9c2b1822bcaa71ddeaa5426d4312d8e174766ae8864c7add29d7f44cea87f2
- SHA512
  
  76132c9e29a0a3054cd41c56d5184951d392a2abd1995e14b34c40f14b154914a6990c107e7fcf4139344759ae6048e9ecf0bdaf0447c1cd589dfacbf901b7c5
- SSDEEP
  
  3072:sCMhzHWHfyqxjqCgRGAQIO7ScwpY3wisz0YsXhqnV+xnEd4:sCM52n4RSVPwIhqnV+xnEd
Score

1^/10
behavioral23 behavioral24