bf4ca3ef810bbc866015723e09cdfb7b.exe

General

Target: bf4ca3ef810bbc866015723e09cdfb7b.exe
Size: 476KB
Sample: 210709-dplxbpw8y2
Score: 10/10
MD5: bf4ca3ef810bbc866015723e09cdfb7b
SHA1: b1ef1b47cb790ee88866d31bb09929a516e36caf
SHA256: 70707206bfdc0b86a9494f7780c55829e993a93a7d65d0279bc9c73b97ffc005
SHA512: 1fdac4d5fc922265871ac741fb3241e28307e6c52297e515e8e5aaeb85c9fb2c88183a3a0f080c4ae9e53e1553064d9308a74b5888b8c42f813e395c09aa45b8

Malware Config

Targets

Target: bf4ca3ef810bbc866015723e09cdfb7b.exe
MD5: bf4ca3ef810bbc866015723e09cdfb7b
Filesize: 476KB
Score: 10/10
SHA1: b1ef1b47cb790ee88866d31bb09929a516e36caf
SHA256: 70707206bfdc0b86a9494f7780c55829e993a93a7d65d0279bc9c73b97ffc005
SHA512: 1fdac4d5fc922265871ac741fb3241e28307e6c52297e515e8e5aaeb85c9fb2c88183a3a0f080c4ae9e53e1553064d9308a74b5888b8c42f813e395c09aa45b8

Signatures

  • Detect Neshta Payload

  • Modifies system executable filetype association

    TTPs: Modify Registry, Change Default File Association

  • Neshta

    Description: Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description: Infostealers often target stored browser data, which can include saved credentials and similar data.

    TTPs: Data from Local System, Credentials in Files

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

  • static1