neshta | 25b6c8b51b839bc310e54200948099b5d16eb6a3f5ef6165c7a9f21c08b99d59 | Triage

Submit
Reports

Overview

overview

Static

static

3

25b6c8b51b...cs.exe

windows7-x64

7

25b6c8b51b...cs.exe

windows10-2004-x64

Sharing

General

Target

25b6c8b51b839bc310e54200948099b5d16eb6a3f5ef6165c7a9f21c08b99d59_NeikiAnalytics.exe
Size

100KB
Sample

240701-ae41fstbll
MD5

d1d73678477e150ceebbfc9daec53070
SHA1

5f8597ad91251c6f13d13596864a5dfd542872b4
SHA256

25b6c8b51b839bc310e54200948099b5d16eb6a3f5ef6165c7a9f21c08b99d59
SHA512

bf70ce0429791261c030dff001077fdc950d5183b1afac03e0cfe5ef75115243e24f878c1eaead7d9bdcc1b6353c550e2c7fd78d33ead300b12c4cd2b54c837d
SSDEEP

1536:YyYCkvjnFk/6jW8JX/3jtzUYx5QRpeTi+ORyBeRQ2R:YyY1bFCcW8JX/zeYxVT8RMeye

Score

10^/10

neshta xworm persistence rat spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

25b6c8b51b839bc310e54200948099b5d16eb6a3f5ef6165c7a9f21c08b99d59_NeikiAnalytics.exe

Resource

win7-20240508-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

25b6c8b51b839bc310e54200948099b5d16eb6a3f5ef6165c7a9f21c08b99d59_NeikiAnalytics.exe

Resource

win10v2004-20240611-en

neshta xworm persistence rat spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  25b6c8b51b839bc310e54200948099b5d16eb6a3f5ef6165c7a9f21c08b99d59_NeikiAnalytics.exe
- Size
  
  100KB
- MD5
  
  d1d73678477e150ceebbfc9daec53070
- SHA1
  
  5f8597ad91251c6f13d13596864a5dfd542872b4
- SHA256
  
  25b6c8b51b839bc310e54200948099b5d16eb6a3f5ef6165c7a9f21c08b99d59
- SHA512
  
  bf70ce0429791261c030dff001077fdc950d5183b1afac03e0cfe5ef75115243e24f878c1eaead7d9bdcc1b6353c550e2c7fd78d33ead300b12c4cd2b54c837d
- SSDEEP
  
  1536:YyYCkvjnFk/6jW8JX/3jtzUYx5QRpeTi+ORyBeRQ2R:YyY1bFCcW8JX/zeYxVT8RMeye
Score

10^/10

neshta xworm persistence rat spyware trojan
- Detect Neshta payload
- Detect Xworm Payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

neshtaxwormpersistenceratspywaretrojan

© 2018-2024

Terms | Privacy