General

  • Target: 2025-02-07_220f583ec7b1d4e62de5c81640dc61ce_goldeneye_neshta
  • Size: 295KB
  • Sample: 250207-vyak6s1nbk
  • MD5: 220f583ec7b1d4e62de5c81640dc61ce
  • SHA1: 76a71329ebec39570b5cadf974cd54c0e0ab1333
  • SHA256: 0563b6b8750f34a4cbec9711e65fbc21f3fdf126b2ec434b096e4fe351251134
  • SHA512: 1297f19b6878c25306c2c2aee108e100042cb910facc5f0c2f09a73c9fa75cdf96086ecd384c4a23d0a8970d71e7b825828fcf427aca7494f2cf49cf0424ba2e
  • SSDEEP: 3072:sr85Cm7WpLyLNZMcPSK7BaZ0NwAWMGc0HfmY4KsyyOiy12KJ3I4YgTltTAjnioLF:k9r0ZMcPBAL7c0fTHs+2sYXgL6nrF

Malware Config

Extracted

  • Family: metasploit
  • Version: windows/single_exec

Targets

    • Detect Neshta payload

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Metasploit family

    • Neshta

      Malware from the Neshta family injects itself into other executable files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
