Source: IntelCpHeciSvc.exe, type: SAMPLE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: IntelCpHeciSvc.exe, type: SAMPLE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: IntelCpHeciSvc.exe, type: SAMPLE | Matched rule: Detects Neshta Author: ditekSHen |
Source: IntelCpHeciSvc.exe, type: SAMPLE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: IntelCpHeciSvc.exe, type: SAMPLE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 0.0.IntelCpHeciSvc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Neshta Author: ditekSHen |
Source: 3.2.dhcpmon.exe.134f6ddc.3.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 3.2.dhcpmon.exe.134f6ddc.3.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 3.2.dhcpmon.exe.134f6ddc.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 1.2.IntelCpHeciSvc.exe.1bd60000.5.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 1.2.IntelCpHeciSvc.exe.1bd60000.5.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 1.2.IntelCpHeciSvc.exe.1bd60000.5.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 1.2.IntelCpHeciSvc.exe.1bd64629.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 1.2.IntelCpHeciSvc.exe.1bd64629.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 1.2.IntelCpHeciSvc.exe.1bd64629.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 3.2.dhcpmon.exe.34cc9d0.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 3.2.dhcpmon.exe.34cc9d0.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 3.2.dhcpmon.exe.34cc9d0.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 1.2.IntelCpHeciSvc.exe.1bd60000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 1.2.IntelCpHeciSvc.exe.1bd60000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 1.2.IntelCpHeciSvc.exe.1bd60000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 1.0.IntelCpHeciSvc.exe.6c0000.0.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 1.0.IntelCpHeciSvc.exe.6c0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 1.0.IntelCpHeciSvc.exe.6c0000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 1.0.IntelCpHeciSvc.exe.6c0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 1.2.IntelCpHeciSvc.exe.1b800000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 1.2.IntelCpHeciSvc.exe.1b800000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 1.2.IntelCpHeciSvc.exe.1b800000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 3.2.dhcpmon.exe.134f6ddc.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 3.2.dhcpmon.exe.134f6ddc.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 3.2.dhcpmon.exe.134f6ddc.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 3.2.dhcpmon.exe.134f1fa6.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 3.2.dhcpmon.exe.134f1fa6.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 3.2.dhcpmon.exe.134f1fa6.4.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 3.2.dhcpmon.exe.134f1fa6.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 3.2.dhcpmon.exe.134fb405.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 3.2.dhcpmon.exe.134fb405.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 3.2.dhcpmon.exe.134fb405.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 1.2.IntelCpHeciSvc.exe.2dc6ec8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 1.2.IntelCpHeciSvc.exe.2dc6ec8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 1.2.IntelCpHeciSvc.exe.2dc6ec8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000003.00000002.403891013.00000000134B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000003.00000002.403891013.00000000134B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000000.00000003.341781141.0000000002184000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000000.00000003.341781141.0000000002184000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000003.341781141.0000000002184000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000001.00000002.629221700.000000001B800000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000001.00000002.629221700.000000001B800000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 00000001.00000002.629221700.000000001B800000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000001.00000002.630261931.000000001BD60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000001.00000002.630261931.000000001BD60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 00000001.00000002.630261931.000000001BD60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000001.00000000.342421463.00000000006C2000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000001.00000000.342421463.00000000006C2000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000001.00000000.342421463.00000000006C2000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000003.00000002.403372406.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000003.00000002.403372406.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000001.00000002.619633331.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: Process Memory Space: IntelCpHeciSvc.exe PID: 5760, type: MEMORYSTR | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: Process Memory Space: IntelCpHeciSvc.exe PID: 5760, type: MEMORYSTR | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: IntelCpHeciSvc.exe PID: 5760, type: MEMORYSTR | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: Process Memory Space: IntelCpHeciSvc.exe PID: 6824, type: MEMORYSTR | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: Process Memory Space: IntelCpHeciSvc.exe PID: 6824, type: MEMORYSTR | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: IntelCpHeciSvc.exe PID: 6824, type: MEMORYSTR | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: C:\Program Files (x86)\Microsoft Office\Office16\NAMECONTROLSERVER.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateBroker.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssvagent.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Users\user\AppData\Local\Temp\3582-490\IntelCpHeciSvc.exe, type: DROPPED | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: C:\Users\user\AppData\Local\Temp\3582-490\IntelCpHeciSvc.exe, type: DROPPED | Matched rule: Detects NanoCore Author: ditekSHen |
Source: C:\Users\user\AppData\Local\Temp\3582-490\IntelCpHeciSvc.exe, type: DROPPED | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: C:\Users\user\AppData\Local\Temp\3582-490\IntelCpHeciSvc.exe, type: DROPPED | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: C:\Program Files (x86)\Microsoft Office\Office16\SCANPST.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPED | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPED | Matched rule: Detects NanoCore Author: ditekSHen |
Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPED | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPED | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: C:\Program Files (x86)\Microsoft Office\Office16\VPREVIEW.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOICONS.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Oarpmany.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\AppSharingHookController.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLED.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdate.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\FIRSTRUN.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\filecompare.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javacpl.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\unpack200.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\misc.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\CNFNOT32.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\AutoIt3\Uninstall.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOHTMED.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSREC.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSQRY32.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\SELFCERT.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateSetup.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\OLicenseHeartbeat.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CSISYNCCLIENT.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\lync99.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Windows\svchost.com, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateCore.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOUC.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpengine.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\OcPubMgr.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOSQM.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\WORDICON.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\SETLANG.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\IEContentService.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\protocolhandler.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2launcher.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\FLTLDR.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\ACCICONS.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\PPTICO.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\VC_redist.x86.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\XLICONS.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\CLVIEW.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\LICLUA.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ODeploy.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\GRAPH.EXE, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CMigrate.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: C:\Program Files (x86)\Microsoft Office\Office16\lynchtmlconv.exe, type: DROPPED | Matched rule: Detects Neshta Author: ditekSHen |
Source: IntelCpHeciSvc.exe, type: SAMPLE | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: IntelCpHeciSvc.exe, type: SAMPLE | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: IntelCpHeciSvc.exe, type: SAMPLE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: IntelCpHeciSvc.exe, type: SAMPLE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: IntelCpHeciSvc.exe, type: SAMPLE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: IntelCpHeciSvc.exe, type: SAMPLE | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: IntelCpHeciSvc.exe, type: SAMPLE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: IntelCpHeciSvc.exe, type: SAMPLE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 0.0.IntelCpHeciSvc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: 0.0.IntelCpHeciSvc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: 0.0.IntelCpHeciSvc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: 3.2.dhcpmon.exe.134f6ddc.3.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.2.dhcpmon.exe.134f6ddc.3.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.2.dhcpmon.exe.134f6ddc.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 3.2.dhcpmon.exe.134f6ddc.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 1.2.IntelCpHeciSvc.exe.1bd60000.5.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.IntelCpHeciSvc.exe.1bd60000.5.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.IntelCpHeciSvc.exe.1bd60000.5.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 1.2.IntelCpHeciSvc.exe.1bd60000.5.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 1.2.IntelCpHeciSvc.exe.1bd64629.4.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.IntelCpHeciSvc.exe.1bd64629.4.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.IntelCpHeciSvc.exe.1bd64629.4.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 1.2.IntelCpHeciSvc.exe.1bd64629.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 3.2.dhcpmon.exe.34cc9d0.1.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.2.dhcpmon.exe.34cc9d0.1.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.2.dhcpmon.exe.34cc9d0.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 3.2.dhcpmon.exe.34cc9d0.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 1.2.IntelCpHeciSvc.exe.1bd60000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.IntelCpHeciSvc.exe.1bd60000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.IntelCpHeciSvc.exe.1bd60000.5.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 1.2.IntelCpHeciSvc.exe.1bd60000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 1.0.IntelCpHeciSvc.exe.6c0000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.0.IntelCpHeciSvc.exe.6c0000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.0.IntelCpHeciSvc.exe.6c0000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 1.0.IntelCpHeciSvc.exe.6c0000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 1.0.IntelCpHeciSvc.exe.6c0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 1.2.IntelCpHeciSvc.exe.1b800000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.IntelCpHeciSvc.exe.1b800000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.IntelCpHeciSvc.exe.1b800000.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 1.2.IntelCpHeciSvc.exe.1b800000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 3.2.dhcpmon.exe.134f6ddc.3.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.2.dhcpmon.exe.134f6ddc.3.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.2.dhcpmon.exe.134f6ddc.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 3.2.dhcpmon.exe.134f6ddc.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 3.2.dhcpmon.exe.134f1fa6.4.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.2.dhcpmon.exe.134f1fa6.4.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.2.dhcpmon.exe.134f1fa6.4.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 3.2.dhcpmon.exe.134f1fa6.4.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 3.2.dhcpmon.exe.134f1fa6.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 3.2.dhcpmon.exe.134fb405.2.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.2.dhcpmon.exe.134fb405.2.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.2.dhcpmon.exe.134fb405.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 3.2.dhcpmon.exe.134fb405.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 1.2.IntelCpHeciSvc.exe.2dc6ec8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.IntelCpHeciSvc.exe.2dc6ec8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.IntelCpHeciSvc.exe.2dc6ec8.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 1.2.IntelCpHeciSvc.exe.2dc6ec8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000003.00000002.403891013.00000000134B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000003.00000002.403891013.00000000134B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000000.00000003.341781141.0000000002184000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000003.341781141.0000000002184000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000003.341781141.0000000002184000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000001.00000002.629221700.000000001B800000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000001.00000002.629221700.000000001B800000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000001.00000002.629221700.000000001B800000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 00000001.00000002.629221700.000000001B800000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000001.00000002.630261931.000000001BD60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000001.00000002.630261931.000000001BD60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000001.00000002.630261931.000000001BD60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 00000001.00000002.630261931.000000001BD60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000001.00000000.342421463.00000000006C2000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000001.00000000.342421463.00000000006C2000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000001.00000000.342421463.00000000006C2000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000003.00000002.403372406.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000003.00000002.403372406.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000001.00000002.619633331.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: Process Memory Space: IntelCpHeciSvc.exe PID: 5760, type: MEMORYSTR | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: Process Memory Space: IntelCpHeciSvc.exe PID: 5760, type: MEMORYSTR | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: IntelCpHeciSvc.exe PID: 5760, type: MEMORYSTR | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: Process Memory Space: IntelCpHeciSvc.exe PID: 6824, type: MEMORYSTR | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: Process Memory Space: IntelCpHeciSvc.exe PID: 6824, type: MEMORYSTR | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: IntelCpHeciSvc.exe PID: 6824, type: MEMORYSTR | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\NAMECONTROLSERVER.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\NAMECONTROLSERVER.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\NAMECONTROLSERVER.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateBroker.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateBroker.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateBroker.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssvagent.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssvagent.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssvagent.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Users\user\AppData\Local\Temp\3582-490\IntelCpHeciSvc.exe, type: DROPPED | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: C:\Users\user\AppData\Local\Temp\3582-490\IntelCpHeciSvc.exe, type: DROPPED | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: C:\Users\user\AppData\Local\Temp\3582-490\IntelCpHeciSvc.exe, type: DROPPED | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: C:\Users\user\AppData\Local\Temp\3582-490\IntelCpHeciSvc.exe, type: DROPPED | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: C:\Users\user\AppData\Local\Temp\3582-490\IntelCpHeciSvc.exe, type: DROPPED | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\SCANPST.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\SCANPST.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\SCANPST.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPED | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPED | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPED | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPED | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPED | Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\VPREVIEW.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\VPREVIEW.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\VPREVIEW.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOICONS.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOICONS.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOICONS.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Oarpmany.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Oarpmany.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Oarpmany.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\AppSharingHookController.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\AppSharingHookController.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\AppSharingHookController.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLED.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLED.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLED.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdate.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdate.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdate.exe, type: DROPPED | Matched rule: SUSP_Unsigned_GoogleUpdate date = 2019-08-05, author = Florian Roth (Nextron Systems), description = Detects suspicious unsigned GoogleUpdate.exe, score = 5aa84aa5c90ec34b7f7d75eb350349ae3aa5060f3ad6dd0520e851626e9f8354, reference = Internal Research |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdate.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\FIRSTRUN.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\FIRSTRUN.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\FIRSTRUN.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\filecompare.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\filecompare.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\filecompare.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javacpl.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javacpl.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javacpl.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\unpack200.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\unpack200.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\unpack200.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\misc.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\misc.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\misc.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\CNFNOT32.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\CNFNOT32.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\CNFNOT32.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\AutoIt3\Uninstall.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\AutoIt3\Uninstall.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\AutoIt3\Uninstall.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOHTMED.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOHTMED.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOHTMED.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe, type: DROPPED | Matched rule: SUSP_Unsigned_GoogleUpdate date = 2019-08-05, author = Florian Roth (Nextron Systems), description = Detects suspicious unsigned GoogleUpdate.exe, score = 5aa84aa5c90ec34b7f7d75eb350349ae3aa5060f3ad6dd0520e851626e9f8354, reference = Internal Research |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSREC.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSREC.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSREC.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSQRY32.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSQRY32.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSQRY32.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\SELFCERT.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\SELFCERT.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\SELFCERT.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateSetup.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateSetup.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateSetup.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\OLicenseHeartbeat.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\OLicenseHeartbeat.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\OLicenseHeartbeat.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CSISYNCCLIENT.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CSISYNCCLIENT.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CSISYNCCLIENT.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\lync99.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\lync99.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\lync99.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Windows\svchost.com, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Windows\svchost.com, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Windows\svchost.com, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateCore.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateCore.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateCore.exe, type: DROPPED | Matched rule: SUSP_Unsigned_GoogleUpdate date = 2019-08-05, author = Florian Roth (Nextron Systems), description = Detects suspicious unsigned GoogleUpdate.exe, score = 5aa84aa5c90ec34b7f7d75eb350349ae3aa5060f3ad6dd0520e851626e9f8354, reference = Internal Research |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateCore.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOUC.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOUC.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOUC.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpengine.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpengine.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpengine.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\OcPubMgr.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\OcPubMgr.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\OcPubMgr.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOSQM.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOSQM.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOSQM.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\WORDICON.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\WORDICON.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\WORDICON.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\SETLANG.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\SETLANG.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\SETLANG.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\IEContentService.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\IEContentService.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\IEContentService.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\protocolhandler.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\protocolhandler.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\protocolhandler.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2launcher.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2launcher.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2launcher.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\FLTLDR.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\FLTLDR.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\FLTLDR.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\ACCICONS.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\ACCICONS.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\PPTICO.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\PPTICO.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\VC_redist.x86.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\VC_redist.x86.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\VC_redist.x86.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\XLICONS.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\XLICONS.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\CLVIEW.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\CLVIEW.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\CLVIEW.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe, type: DROPPED | Matched rule: SUSP_Unsigned_GoogleUpdate date = 2019-08-05, author = Florian Roth (Nextron Systems), description = Detects suspicious unsigned GoogleUpdate.exe, score = 5aa84aa5c90ec34b7f7d75eb350349ae3aa5060f3ad6dd0520e851626e9f8354, reference = Internal Research |
Source: C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\LICLUA.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\LICLUA.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\LICLUA.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ODeploy.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ODeploy.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ODeploy.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\GRAPH.EXE, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\GRAPH.EXE, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth (Nextron Systems), description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CMigrate.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CMigrate.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |
Source: C:\Program Files (x86)\Microsoft Office\Office16\lynchtmlconv.exe, type: DROPPED | Matched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\lynchtmlconv.exe, type: DROPPED | Matched rule: MALWARE_Win_Neshta author = ditekSHen, description = Detects Neshta |