Overview

overview

10

Static

static

bf4ca3ef81...7b.exe

windows7_x64

10

bf4ca3ef81...7b.exe

windows10_x64

10

Resubmissions

14-09-2021 09:52

210914-lv85wsaebj 10

09-07-2021 18:31

210709-dplxbpw8y2 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bf4ca3ef810bbc866015723e09cdfb7b.exe

  • Size

    476KB

  • Sample

    210709-dplxbpw8y2

  • MD5

    bf4ca3ef810bbc866015723e09cdfb7b

  • SHA1

    b1ef1b47cb790ee88866d31bb09929a516e36caf

  • SHA256

    70707206bfdc0b86a9494f7780c55829e993a93a7d65d0279bc9c73b97ffc005

  • SHA512

    1fdac4d5fc922265871ac741fb3241e28307e6c52297e515e8e5aaeb85c9fb2c88183a3a0f080c4ae9e53e1553064d9308a74b5888b8c42f813e395c09aa45b8

Score
10/10
neshtapersistencespywarestealer

Malware Config

Targets

    • Target

      bf4ca3ef810bbc866015723e09cdfb7b.exe

    • Size

      476KB

    • MD5

      bf4ca3ef810bbc866015723e09cdfb7b

    • SHA1

      b1ef1b47cb790ee88866d31bb09929a516e36caf

    • SHA256

      70707206bfdc0b86a9494f7780c55829e993a93a7d65d0279bc9c73b97ffc005

    • SHA512

      1fdac4d5fc922265871ac741fb3241e28307e6c52297e515e8e5aaeb85c9fb2c88183a3a0f080c4ae9e53e1553064d9308a74b5888b8c42f813e395c09aa45b8

    Score
    10/10
    neshtapersistencespywarestealer

    • Detect Neshta Payload

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks